From 8079f3be00865ee7c41be7c1f3d00a017a98af54 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Sun, 12 Jan 2014 10:29:38 +0100
Subject: [PATCH 01/57] Remove warning about 1.6.0 not being released.

---
 share/doc/src/whatsnew/1.6.rst | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 7d93ff64d9e..91eb66cae01 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -39,10 +39,6 @@ in case if you had used such handler.
 Version 1.6.0
 =============
 
-.. warning::
-
-   This version is not released yet.
-
 * Fauxton: many improvements in our experimental new user interface, including
   switching the code editor from CodeMirror to Ace as well as better support
   for various browsers.

From d4cb60495c0b82ba25f7eaa22ef8446186bf7e61 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Mon, 13 Jan 2014 20:25:45 +0100
Subject: [PATCH 02/57] blank files might sink ships

---
 .../priv/default.d/my_first_couchdb_plugin.ini                 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/my-first-couchdb-plugin/priv/default.d/my_first_couchdb_plugin.ini b/src/my-first-couchdb-plugin/priv/default.d/my_first_couchdb_plugin.ini
index e69de29bb2d..fbc2d981fd6 100644
--- a/src/my-first-couchdb-plugin/priv/default.d/my_first_couchdb_plugin.ini
+++ b/src/my-first-couchdb-plugin/priv/default.d/my_first_couchdb_plugin.ini
@@ -0,0 +1,3 @@
+;per-plugin configuration goes here
+;[plugin-name]
+;config=value

From f042538352bb9aeec17fae39094bf8705741fed9 Mon Sep 17 00:00:00 2001
From: benoitc <benoitc@apache.org>
Date: Sun, 5 Jan 2014 10:22:05 +0100
Subject: [PATCH 03/57] use POSIX tar to support files length > 99

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 6c5ef5b632e..57a4268a405 100644
--- a/configure.ac
+++ b/configure.ac
@@ -24,7 +24,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_HEADERS([src/snappy/google-snappy/config.h])
 
-AM_INIT_AUTOMAKE([1.6.3 foreign])
+AM_INIT_AUTOMAKE([1.6.3 foreign tar-ustar])
 
 AC_USE_SYSTEM_EXTENSIONS
 AC_ENABLE_SHARED

From 79094acbf4113382c7dd28d024bb9d393632d871 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Fri, 17 Jan 2014 14:47:36 +0100
Subject: [PATCH 04/57] Empty build tags for release.

---
 acinclude.m4.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/acinclude.m4.in b/acinclude.m4.in
index db2f1496084..9f0b3f44d78 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -19,8 +19,8 @@ m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
 m4_define([LOCAL_VERSION_MAJOR], [1])
 m4_define([LOCAL_VERSION_MINOR], [6])
 m4_define([LOCAL_VERSION_REVISION], [0])
-m4_define([LOCAL_VERSION_STAGE], [+build])
-m4_define([LOCAL_VERSION_RELEASE], [.%revision%])
+m4_define([LOCAL_VERSION_STAGE], [])
+m4_define([LOCAL_VERSION_RELEASE], [])
 m4_define([LOCAL_VERSION_PRIMARY],
     [LOCAL_VERSION_MAJOR.LOCAL_VERSION_MINOR.LOCAL_VERSION_REVISION])
 m4_define([LOCAL_VERSION_SECONDARY],

From 89c9bd0e169ee1d3428e485c30c811aaf8e611ac Mon Sep 17 00:00:00 2001
From: suelockwood <deathbear@apache.org>
Date: Mon, 20 Jan 2014 11:01:57 -0500
Subject: [PATCH 05/57] Fixing release makefile to include all fauxton files.

---
 src/Makefile.am | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/Makefile.am b/src/Makefile.am
index 12c4fe30c8a..0093ebdde94 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -59,9 +59,18 @@ FAUXTON_FILES = \
     fauxton/app/addons/auth/templates/nav_dropdown.html \
     fauxton/app/addons/auth/templates/nav_link_title.html \
     fauxton/app/addons/auth/templates/noAccess.html \
+    fauxton/app/addons/compaction/base.js \
+    fauxton/app/addons/compaction/resources.js \
+    fauxton/app/addons/compaction/routes.js \
+    fauxton/app/addons/compaction/views.js \
+    fauxton/app/addons/compaction/assets/less/compaction.less \
+    fauxton/app/addons/compaction/templates/compact_view.html \
+    fauxton/app/addons/compaction/templates/layout.html \
     fauxton/app/addons/config/base.js \
     fauxton/app/addons/config/resources.js \
     fauxton/app/addons/config/routes.js \
+    fauxton/app/addons/config/views.js \
+    fauxton/app/addons/config/assets/less/config.less \
     fauxton/app/addons/config/templates/dashboard.html \
     fauxton/app/addons/config/templates/item.html \
     fauxton/app/addons/contribute/base.js \
@@ -105,6 +114,12 @@ FAUXTON_FILES = \
     fauxton/app/addons/stats/templates/stats.html \
     fauxton/app/addons/stats/templates/statselect.html \
     fauxton/app/addons/stats/views.js \
+    fauxton/app/addons/verifyinstall/base.js \
+    fauxton/app/addons/verifyinstall/resources.js \
+    fauxton/app/addons/verifyinstall/routes.js \
+    fauxton/app/addons/verifyinstall/views.js \
+    fauxton/app/addons/verifyinstall/assets/less/verifyinstall.less \
+    fauxton/app/addons/verifyinstall/templates/main.html \
     fauxton/app/api.js \
     fauxton/app/app.js \
     fauxton/app/config.js \
@@ -135,7 +150,11 @@ FAUXTON_FILES = \
     fauxton/app/templates/databases/newdatabase.html \
     fauxton/app/templates/documents/all_docs_item.html \
     fauxton/app/templates/documents/all_docs_list.html \
+    fauxton/app/templates/documents/all_docs_layout.html \
+    fauxton/app/templates/documents/all_docs_number.html \
+    fauxton/app/templates/documents/advanced_options.html \
     fauxton/app/templates/documents/changes.html \
+    fauxton/app/templates/documents/design_doc_selector.html \
     fauxton/app/templates/documents/ddoc_info.html \
     fauxton/app/templates/documents/doc.html \
     fauxton/app/templates/documents/doc_field_editor.html \
@@ -160,6 +179,7 @@ FAUXTON_FILES = \
     fauxton/app/templates/fauxton/pagination.html \
     fauxton/app/templates/layouts/one_pane.html \
     fauxton/app/templates/layouts/two_pane.html \
+    fauxton/app/templates/layouts/one_pane_notabs.html
     fauxton/app/templates/layouts/with_right_sidebar.html \
     fauxton/app/templates/layouts/with_sidebar.html \
     fauxton/app/templates/layouts/with_tabs.html \
@@ -312,3 +332,4 @@ FAUXTON_FILES = \
     fauxton/test/test.config.underscore \
     fauxton/TODO.md \
     fauxton/writing_addons.md
+    fauxton/extensions.md

From 1e0a1b3a76c88334a6ae6fdc877a6f2a048d09cc Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 21 Jan 2014 14:11:36 +0100
Subject: [PATCH 06/57] Add some line continuations missed in 89c9bd0e

---
 src/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 0093ebdde94..c78e6190c12 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -179,7 +179,7 @@ FAUXTON_FILES = \
     fauxton/app/templates/fauxton/pagination.html \
     fauxton/app/templates/layouts/one_pane.html \
     fauxton/app/templates/layouts/two_pane.html \
-    fauxton/app/templates/layouts/one_pane_notabs.html
+    fauxton/app/templates/layouts/one_pane_notabs.html \
     fauxton/app/templates/layouts/with_right_sidebar.html \
     fauxton/app/templates/layouts/with_sidebar.html \
     fauxton/app/templates/layouts/with_tabs.html \
@@ -331,5 +331,5 @@ FAUXTON_FILES = \
     fauxton/test/runner.html \
     fauxton/test/test.config.underscore \
     fauxton/TODO.md \
-    fauxton/writing_addons.md
+    fauxton/writing_addons.md \
     fauxton/extensions.md

From 5060ac7c4b1d9269cbb33f9c3c521267c9f1c5dd Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 21 Jan 2014 16:06:34 +0100
Subject: [PATCH 07/57] Remove reference to file that doesn't exist on the
 branch

---
 src/Makefile.am | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index c78e6190c12..2292ccf96f4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -69,7 +69,6 @@ FAUXTON_FILES = \
     fauxton/app/addons/config/base.js \
     fauxton/app/addons/config/resources.js \
     fauxton/app/addons/config/routes.js \
-    fauxton/app/addons/config/views.js \
     fauxton/app/addons/config/assets/less/config.less \
     fauxton/app/addons/config/templates/dashboard.html \
     fauxton/app/addons/config/templates/item.html \

From af196a4725ddc1f8172422f0e0ebd5a6cefa21cc Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 21 Jan 2014 16:58:28 +0100
Subject: [PATCH 08/57] Update copyright notice

---
 NOTICE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NOTICE b/NOTICE
index 0fa5d8d86c8..30e299dde74 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
 Apache CouchDB
-Copyright 2009-2013 The Apache Software Foundation
+Copyright 2009-2014 The Apache Software Foundation
 
 This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).

From ce3e89dc9fef25aa0e038e5a621a1e7c732e66e2 Mon Sep 17 00:00:00 2001
From: NickNorth <North.N@gmail.com>
Date: Tue, 3 Dec 2013 20:58:53 +0000
Subject: [PATCH 09/57] Speed up and move couch_httpd:find_in_binary.

See https://issues.apache.org/jira/browse/COUCHDB-1953

(cherry picked from commit 824869c3c059d887da0dbe1cd04eb244c931c27b)
---
 src/couchdb/couch_httpd.erl    | 30 +--------------
 src/couchdb/couch_util.erl     | 32 ++++++++++++++++
 test/etap/043-find-in-binary.t | 69 ++++++++++++++++++++++++++++++++++
 3 files changed, 102 insertions(+), 29 deletions(-)
 create mode 100755 test/etap/043-find-in-binary.t

diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 465bc7a41ee..9245f4b20cd 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -1003,7 +1003,7 @@ split_header(Line) ->
      mochiweb_util:parse_header(Value)}].
 
 read_until(#mp{data_fun=DataFun, buffer=Buffer}=Mp, Pattern, Callback) ->
-    case find_in_binary(Pattern, Buffer) of
+    case couch_util:find_in_binary(Pattern, Buffer) of
     not_found ->
         Callback2 = Callback(Buffer),
         {Buffer2, DataFun2} = DataFun(),
@@ -1079,34 +1079,6 @@ check_for_last(#mp{buffer=Buffer, data_fun=DataFun}=Mp) ->
                 data_fun = DataFun2})
     end.
 
-find_in_binary(_B, <<>>) ->
-    not_found;
-
-find_in_binary(B, Data) ->
-    case binary:match(Data, [B], []) of
-    nomatch ->
-        partial_find(binary:part(B, {0, byte_size(B) - 1}),
-                     binary:part(Data, {byte_size(Data), -byte_size(Data) + 1}), 1);
-    {Pos, _Len} ->
-        {exact, Pos}
-    end.
-
-partial_find(<<>>, _Data, _Pos) ->
-    not_found;
-
-partial_find(B, Data, N) when byte_size(Data) > 0 ->
-    case binary:match(Data, [B], []) of
-    nomatch ->
-        partial_find(binary:part(B, {0, byte_size(B) - 1}),
-                     binary:part(Data, {byte_size(Data), -byte_size(Data) + 1}), N + 1);
-    {Pos, _Len} ->
-        {partial, N + Pos}
-    end;
-
-partial_find(_B, _Data, _N) ->
-    not_found.
-
-
 validate_bind_address(Address) ->
     case inet_parse:address(Address) of
         {ok, _} -> ok;
diff --git a/src/couchdb/couch_util.erl b/src/couchdb/couch_util.erl
index afe3528a6c2..2509bef929f 100644
--- a/src/couchdb/couch_util.erl
+++ b/src/couchdb/couch_util.erl
@@ -29,6 +29,7 @@
 -export([encode_doc_id/1]).
 -export([with_db/2]).
 -export([rfc1123_date/0, rfc1123_date/1]).
+-export([find_in_binary/2]).
 
 -include("couch_db.hrl").
 
@@ -487,3 +488,34 @@ month(9) -> "Sep";
 month(10) -> "Oct";
 month(11) -> "Nov";
 month(12) -> "Dec".
+
+
+find_in_binary(_B, <<>>) ->
+    not_found;
+
+find_in_binary(B, Data) ->
+    case binary:match(Data, [B], []) of
+    nomatch ->
+        MatchLength = erlang:min(byte_size(B), byte_size(Data)),
+        match_prefix_at_end(binary:part(B, {0, MatchLength}),
+                            binary:part(Data, {byte_size(Data), -MatchLength}),
+                            MatchLength, byte_size(Data) - MatchLength);
+    {Pos, _Len} ->
+        {exact, Pos}
+    end.
+
+match_prefix_at_end(Prefix, Data, PrefixLength, N) ->
+    FirstCharMatches = binary:matches(Data, [binary:part(Prefix, {0, 1})], []),
+    match_rest_of_prefix(FirstCharMatches, Prefix, Data, PrefixLength, N).
+
+match_rest_of_prefix([], _Prefix, _Data, _PrefixLength, _N) ->
+    not_found;
+
+match_rest_of_prefix([{Pos, _Len} | Rest], Prefix, Data, PrefixLength, N) ->
+    case binary:match(binary:part(Data, {PrefixLength, Pos - PrefixLength}),
+                      [binary:part(Prefix, {0, PrefixLength - Pos})], []) of
+        nomatch ->
+            match_rest_of_prefix(Rest, Prefix, Data, PrefixLength, N);
+        {_Pos, _Len1} ->
+            {partial, N + Pos}
+    end.
diff --git a/test/etap/043-find-in-binary.t b/test/etap/043-find-in-binary.t
new file mode 100755
index 00000000000..d29aa8a5742
--- /dev/null
+++ b/test/etap/043-find-in-binary.t
@@ -0,0 +1,69 @@
+#!/usr/bin/env escript
+%%! -pa ./deps/*/ebin -pa ./apps/*/ebin -pa ./test/etap
+%% -*- erlang -*-
+
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+main(_) ->
+    test_util:init_code_path(),
+
+    etap:plan(length(cases())),
+    case (catch test()) of
+        ok ->
+            etap:end_tests();
+        Other ->
+            etap:diag(io_lib:format("Test died abnormally: ~p", [Other])),
+            etap:bail(Other)
+    end,
+    ok.
+
+
+test() ->
+    lists:foreach(fun({Needle, Haystack, Result}) ->
+        try
+        Msg = io_lib:format("Looking for ~s in ~s", [Needle, Haystack]),
+        etap:is(couch_util:find_in_binary(Needle, Haystack), Result, Msg)
+        catch _T:_R ->
+            etap:diag("~p", [{_T, _R}])
+        end
+    end, cases()),
+    ok.
+
+
+cases() ->
+    [
+        {<<"foo">>, <<"foobar">>, {exact, 0}},
+        {<<"foo">>, <<"foofoo">>, {exact, 0}},
+        {<<"foo">>, <<"barfoo">>, {exact, 3}},
+        {<<"foo">>, <<"barfo">>, {partial, 3}},
+        {<<"f">>, <<"fobarfff">>, {exact, 0}},
+        {<<"f">>, <<"obarfff">>, {exact, 4}},
+        {<<"f">>, <<"obarggf">>, {exact, 6}},
+        {<<"f">>, <<"f">>, {exact, 0}},
+        {<<"f">>, <<"g">>, not_found},
+        {<<"foo">>, <<"f">>, {partial, 0}},
+        {<<"foo">>, <<"g">>, not_found},
+        {<<"foo">>, <<"">>, not_found},
+        {<<"fofo">>, <<"foofo">>, {partial, 3}},
+        {<<"foo">>, <<"gfobarfo">>, {partial, 6}},
+        {<<"foo">>, <<"gfobarf">>, {partial, 6}},
+        {<<"foo">>, <<"gfobar">>, not_found},
+        {<<"fog">>, <<"gbarfogquiz">>, {exact, 4}},
+        {<<"ggg">>, <<"ggg">>, {exact, 0}},
+        {<<"ggg">>, <<"ggggg">>, {exact, 0}},
+        {<<"ggg">>, <<"bggg">>, {exact, 1}},
+        {<<"ggg">>, <<"bbgg">>, {partial, 2}},
+        {<<"ggg">>, <<"bbbg">>, {partial, 3}},
+        {<<"ggg">>, <<"bgbggbggg">>, {exact, 6}},
+        {<<"ggg">>, <<"bgbggb">>, not_found}
+    ].

From 79035f8dbe15bf5eefce2b5acb48f36acc94f001 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Thu, 10 Apr 2014 10:22:59 +0200
Subject: [PATCH 10/57] Update what's new for 1.6.0 with recently merged
 changes

---
 share/doc/src/whatsnew/1.6.rst | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 91eb66cae01..248ae329dc5 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -33,7 +33,6 @@ as deprecated and will be removed in future releases. It's strongly recommended
 to update :config:option:`httpd/authentication_handlers` option with new value
 in case if you had used such handler.
 
-
 .. _release/1.6.0:
 
 Version 1.6.0
@@ -42,9 +41,12 @@ Version 1.6.0
 * Fauxton: many improvements in our experimental new user interface, including
   switching the code editor from CodeMirror to Ace as well as better support
   for various browsers.
+* :issue:`1986`: increase socket buffer size to improve replication speed
+  for large documents and attachments, and fix tests on BSD-like systems.
+  :commit:`9a0e561b`
+* :issue:`1953`: improve performance of multipart/related requests.
+  :commit:`ce3e89dc`
 * :issue:`1922`: fix CORS exposed headers. :commit:`4f619833`
-* Rename ``proxy_authentification_handler`` to ``proxy_authentication_handler``.
-  :commit:`c66ac4a8`
 * :issue:`1795`: ensure the startup script clears the pid file on termination.
   :commit:`818ef4f9`
 * :issue:`1962`: replication can now be performed without having write access
@@ -57,7 +59,22 @@ Version 1.6.0
 * :issue:`1923`: add support for `attachments` and `att_encoding_info` options
   (formerly only available on the documents API) to the view API.
   :commit:`ca41964b`
+* :issue:`1780`: upgrade password hashes from SHA-1 to PBKDF2 scheme on
+  successful authentication. :commit:`34888938`
+* :issue:`2059`: allow run-time configuration of maximum URL length.
+  :commit:`f7ca266b`
+* :issue:`2054`: accept gzipped JSON request bodies. :commit:`4d893387`
+* Rename ``proxy_authentification_handler`` to ``proxy_authentication_handler``.
+  :commit:`c66ac4a8`
 * :issue:`1647`: for failed replications originating from a document in the
   `_replicator` database, store the failure reason in the document.
   :commit:`08cac68b`
-* A number of improvements for the documentation.
+* :issue:`2053`: send better error messages when both `key` and `keys`
+  parameters are specified in view requests. :commit:`2bc07840`
+* :issue:`2040`: send better error messages when incorrect checksums
+  are encountered during compaction. :commit:`e7fdc16a`
+* :issue:`2028`: allow intermedia certificates when using SSL/TLS.
+  :commit:`2d080449`
+* :issue:`2031`: fix rewriting of paths with query string parameters.
+  :commit:`37c84596`
+* Numerous improvements to the documentation.

From 54e43a106bb1116ae5e1b6877423f4e00e0e1ed9 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Fri, 11 Apr 2014 21:13:35 +0200
Subject: [PATCH 11/57] Add note about CVE-2014-2668 to 1.6.0 what's new

---
 share/doc/src/whatsnew/1.6.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 248ae329dc5..2f5faec9c36 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -33,6 +33,9 @@ as deprecated and will be removed in future releases. It's strongly recommended
 to update :config:option:`httpd/authentication_handlers` option with new value
 in case if you had used such handler.
 
+Note that this release also contains the security fix for CVE-2014-2668 that
+was first fixed in :ref:`release/1.5.1`.
+
 .. _release/1.6.0:
 
 Version 1.6.0

From 6529f7779584599dcd6106b7a34d0648f6318d96 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Fri, 11 Apr 2014 21:14:43 +0200
Subject: [PATCH 12/57] Update what's new for 1.6.0 for latest merge

---
 share/doc/src/whatsnew/1.6.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 2f5faec9c36..8ddbea1a701 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -49,6 +49,8 @@ Version 1.6.0
   :commit:`9a0e561b`
 * :issue:`1953`: improve performance of multipart/related requests.
   :commit:`ce3e89dc`
+* :issue:`2221`: verify that authentication-related configuration settings
+  are well-formed. :commit:`dbe769c6`
 * :issue:`1922`: fix CORS exposed headers. :commit:`4f619833`
 * :issue:`1795`: ensure the startup script clears the pid file on termination.
   :commit:`818ef4f9`

From 12f745c434947dbfde3e08b1418cec566cfeca9e Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Sun, 13 Apr 2014 05:39:00 +0400
Subject: [PATCH 13/57] Add license header for tracking.html

---
 share/doc/templates/tracking.html | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/share/doc/templates/tracking.html b/share/doc/templates/tracking.html
index e6d4037bddd..b80e3c2c58c 100644
--- a/share/doc/templates/tracking.html
+++ b/share/doc/templates/tracking.html
@@ -1,3 +1,18 @@
+<!--
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+
+-->
+
 {% if not local %}
 <script type="text/javascript">
   var _gaq = _gaq || [];

From 9be8f97a75f75fa7f33fac8c1a65e26b886121c7 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Tue, 15 Apr 2014 09:11:00 +0200
Subject: [PATCH 14/57] Add documentation for CVE-2014-2668

---
 share/doc/src/cve/2014-2668.rst | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 share/doc/src/cve/2014-2668.rst

diff --git a/share/doc/src/cve/2014-2668.rst b/share/doc/src/cve/2014-2668.rst
new file mode 100644
index 00000000000..5ccd2a47fe9
--- /dev/null
+++ b/share/doc/src/cve/2014-2668.rst
@@ -0,0 +1,54 @@
+.. Licensed under the Apache License, Version 2.0 (the "License"); you may not
+.. use this file except in compliance with the License. You may obtain a copy of
+.. the License at
+..
+..   http://www.apache.org/licenses/LICENSE-2.0
+..
+.. Unless required by applicable law or agreed to in writing, software
+.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+.. License for the specific language governing permissions and limitations under
+.. the License.
+
+
+.. _cve/2014-2668:
+
+==================================================================================
+CVE-2014-2668: DoS (CPU and memory consumption) via the count parameter to /_uuids
+==================================================================================
+
+:Date: 26.03.2014
+
+:Affected: Apache CouchDB releases up to and including 1.3.1, 1.4.0,
+           and 1.5.0 are vulnerable.
+
+:Severity: Moderate
+
+:Vendor: The Apache Software Foundation
+
+Description
+===========
+
+The :ref:`api/server/uuids` resource's `count` query parameter is able to take
+unreasonable huge numeric value which leads to exhaustion of server resources
+(CPU and memory) and to DoS as the result.
+
+Mitigation
+==========
+
+Upgrade to a supported CouchDB release that includes this fix, such as:
+
+- :ref:`1.5.1 <release/1.5.1>`
+- :ref:`1.6.0 <release/1.6.0>`
+
+All listed releases have included a specific fix to
+
+Work-Around
+===========
+
+Disable the :ref:`api/server/uuids` handler completely, by adapting
+`local.ini` and restarting CouchDB::
+
+  [httpd_global_handlers]
+  _uuids =
+

From 81d753a03ee5a2b744273726d02fea5e1d2289b5 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Tue, 15 Apr 2014 09:12:34 +0200
Subject: [PATCH 15/57] Add CVE-2014-2668 warning to old release branches

---
 share/doc/src/whatsnew/1.3.rst | 4 ++++
 share/doc/src/whatsnew/1.4.rst | 4 ++++
 share/doc/src/whatsnew/1.5.rst | 7 ++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/share/doc/src/whatsnew/1.3.rst b/share/doc/src/whatsnew/1.3.rst
index 7e697855cfa..3f19f56bc8d 100644
--- a/share/doc/src/whatsnew/1.3.rst
+++ b/share/doc/src/whatsnew/1.3.rst
@@ -21,6 +21,10 @@
    :depth: 1
    :local:
 
+.. warning::
+
+   :ref:`release/1.3.x` is affected by the issue described in :ref:`cve/2014-2668`.
+   Upgrading to a more recent release is strongly recommended.
 
 .. _release/1.3.x/upgrade:
 
diff --git a/share/doc/src/whatsnew/1.4.rst b/share/doc/src/whatsnew/1.4.rst
index cf10befe696..65925e176a5 100644
--- a/share/doc/src/whatsnew/1.4.rst
+++ b/share/doc/src/whatsnew/1.4.rst
@@ -21,6 +21,10 @@
    :depth: 1
    :local:
 
+.. warning::
+
+   :ref:`release/1.4.x` is affected by the issue described in :ref:`cve/2014-2668`.
+   Upgrading to a more recent release is strongly recommended.
 
 .. _release/1.4.x/upgrade:
 
diff --git a/share/doc/src/whatsnew/1.5.rst b/share/doc/src/whatsnew/1.5.rst
index 7f2d7509c37..1b7539a253f 100644
--- a/share/doc/src/whatsnew/1.5.rst
+++ b/share/doc/src/whatsnew/1.5.rst
@@ -21,6 +21,11 @@
    :depth: 1
    :local:
 
+.. warning::
+
+   :ref:`release/1.5.1` contains important security fixes. Previous `1.5.x`
+   releases are not recommended for regular usage.
+
 .. _release/1.5.1:
 
 Version 1.5.1
@@ -28,7 +33,7 @@ Version 1.5.1
 
 * Add the ``max_count`` option (:ref:`config/uuids`) to allow rate-limiting
   the amount of UUIDs that can be requested from the :ref:`api/server/uuids`
-  handler in a single request.
+  handler in a single request (:ref:`CVE 2014-2668 <cve/2014-2668>`).
 
 .. _release/1.5.0:
 

From cd5220ff68856f8e17835595c1f91b0c58214310 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 15 Apr 2014 09:13:19 +0200
Subject: [PATCH 16/57] Update 1.6.0 notes with proper CVE-2014-2668 note

---
 share/doc/src/whatsnew/1.6.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 8ddbea1a701..d99bb0b411e 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -33,9 +33,6 @@ as deprecated and will be removed in future releases. It's strongly recommended
 to update :config:option:`httpd/authentication_handlers` option with new value
 in case if you had used such handler.
 
-Note that this release also contains the security fix for CVE-2014-2668 that
-was first fixed in :ref:`release/1.5.1`.
-
 .. _release/1.6.0:
 
 Version 1.6.0
@@ -44,6 +41,9 @@ Version 1.6.0
 * Fauxton: many improvements in our experimental new user interface, including
   switching the code editor from CodeMirror to Ace as well as better support
   for various browsers.
+* Add the ``max_count`` option (:ref:`config/uuids`) to allow rate-limiting
+  the amount of UUIDs that can be requested from the :ref:`api/server/uuids`
+  handler in a single request (:ref:`CVE 2014-2668 <cve/2014-2668>`).
 * :issue:`1986`: increase socket buffer size to improve replication speed
   for large documents and attachments, and fix tests on BSD-like systems.
   :commit:`9a0e561b`

From efc77b40a27c32767aa2b6d3f79a2c3c93d9670d Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 15 Apr 2014 09:35:21 +0200
Subject: [PATCH 17/57] Add CVE-214-2668 documentation to build system

---
 share/doc/build/Makefile.am | 1 +
 1 file changed, 1 insertion(+)

diff --git a/share/doc/build/Makefile.am b/share/doc/build/Makefile.am
index f332e5c5510..86351f469a0 100644
--- a/share/doc/build/Makefile.am
+++ b/share/doc/build/Makefile.am
@@ -390,6 +390,7 @@ src_files = \
     ../src/cve/2012-5641.rst \
     ../src/cve/2012-5649.rst \
     ../src/cve/2012-5650.rst \
+    ../src/cve/2014-2668.rst \
     ../src/cve/index.rst \
     ../src/fauxton/addons.rst \
     ../src/fauxton/index.rst \

From 6f067492d8a7ee1b863abde2bf55bb92c14dfd50 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 15 Apr 2014 10:20:31 +0200
Subject: [PATCH 18/57] Add some more files to the build system

---
 share/doc/build/Makefile.am | 1 +
 src/Makefile.am             | 2 ++
 test/etap/Makefile.am       | 1 +
 3 files changed, 4 insertions(+)

diff --git a/share/doc/build/Makefile.am b/share/doc/build/Makefile.am
index 86351f469a0..92ec2ff7cdb 100644
--- a/share/doc/build/Makefile.am
+++ b/share/doc/build/Makefile.am
@@ -450,6 +450,7 @@ src_files_html = \
     ../templates/layout.html \
     ../templates/help.html \
     ../templates/searchbox.html \
+    ../templates/tracing.html \
     ../templates/utilities.html
 
 sphinx_extensions = \
diff --git a/src/Makefile.am b/src/Makefile.am
index c574c6e1798..a17674cc3b3 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -326,12 +326,14 @@ FAUXTON_FILES = \
     fauxton/assets/less/variables.less \
     fauxton/bin/grunt \
     fauxton/couchapp.js \
+    fauxton/extensions.md \
     fauxton/favicon.ico \
     fauxton/Gruntfile.js \
     fauxton/index.html \
     fauxton/package.json \
     fauxton/readme.md \
     fauxton/settings.json.default \
+    fauxton/settings.json.dev \
     fauxton/settings.json.sample_external \
     fauxton/tasks/addon/rename.json \
     fauxton/tasks/addon/root/base.js.underscore \
diff --git a/test/etap/Makefile.am b/test/etap/Makefile.am
index 66048a9b6f8..c9778ca6ecf 100644
--- a/test/etap/Makefile.am
+++ b/test/etap/Makefile.am
@@ -50,6 +50,7 @@ tap_files = \
     041-uuid-gen-utc.ini \
     041-uuid-gen.t \
     042-work-queue.t \
+    043-find-in-binary.t \
     050-stream.t \
     060-kt-merging.t \
     061-kt-missing-leaves.t \

From aa3d906d606ff5fe97c5dea83ca923295d725759 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Tue, 15 Apr 2014 11:04:38 +0200
Subject: [PATCH 19/57] Sometimes one extra character makes all the difference

---
 share/doc/build/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/doc/build/Makefile.am b/share/doc/build/Makefile.am
index 92ec2ff7cdb..7b95d0d4163 100644
--- a/share/doc/build/Makefile.am
+++ b/share/doc/build/Makefile.am
@@ -450,7 +450,7 @@ src_files_html = \
     ../templates/layout.html \
     ../templates/help.html \
     ../templates/searchbox.html \
-    ../templates/tracing.html \
+    ../templates/tracking.html \
     ../templates/utilities.html
 
 sphinx_extensions = \

From 26153741c71f6949478f10226ce06a7b611f4c85 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Tue, 15 Apr 2014 22:14:30 +0400
Subject: [PATCH 20/57] Fix 231-cors test suite bad plan and duplicate start
 for dep apps

---
 test/etap/231-cors.t | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
index dd08ca847d1..0d79310bef6 100644
--- a/test/etap/231-cors.t
+++ b/test/etap/231-cors.t
@@ -32,7 +32,7 @@ server() ->
 main(_) ->
     test_util:init_code_path(),
 
-    etap:plan(28),
+    etap:plan(25),
     case (catch test()) of
         ok ->
             etap:end_tests();
@@ -58,10 +58,6 @@ cycle_db(DbName) ->
     Db.
 
 test() ->
-
-    ibrowse:start(),
-    crypto:start(),
-
     %% launch couchdb
     couch_server_sup:start_link(test_util:config_files()),
 

From 26cff2d51473cbc8c0dfc655b2dbb986493bbcb8 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Tue, 15 Apr 2014 22:15:09 +0400
Subject: [PATCH 21/57] Actually, run the test case for COUCHDB-1697

---
 test/etap/231-cors.t | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
index 0d79310bef6..c568e79a1ab 100644
--- a/test/etap/231-cors.t
+++ b/test/etap/231-cors.t
@@ -32,7 +32,7 @@ server() ->
 main(_) ->
     test_util:init_code_path(),
 
-    etap:plan(25),
+    etap:plan(26),
     case (catch test()) of
         ok ->
             etap:end_tests();
@@ -87,6 +87,7 @@ test() ->
     test_db1_origin_request(),
     test_preflight_with_port1(),
     test_preflight_with_scheme1(),
+    test_if_none_match_header(),
 
     ok = couch_config:set("cors", "origins", "http://example.com:5984", false),
     test_preflight_with_port2(),

From cf3e19f88d224a828cef96cc1155c6c23484bc22 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Tue, 29 Apr 2014 17:51:15 +0400
Subject: [PATCH 22/57] Fix 231-cors.t test suite (again)

That's interesting issue: couch_passwords:hash_admin_password accepts
password as binary string, but list one had been passed instead. This
causes crush with function_clause reason. Ok, but this crush left
hidden for R15/R16 - only R14 shows stack trace in output and alerts
that's something wrong. To be honest, *sometimes* it's also possible
to reproduce this test suite crush with modern Erlang releases,
but it will be about Bad Plan: planned 27 test, but run only 26.
Nothing specific.

So, silent crush prevented other tests to be run and also counted by
the plan. Now this is fixed.
---
 test/etap/231-cors.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
index c568e79a1ab..2f420d1c437 100644
--- a/test/etap/231-cors.t
+++ b/test/etap/231-cors.t
@@ -32,7 +32,7 @@ server() ->
 main(_) ->
     test_util:init_code_path(),
 
-    etap:plan(26),
+    etap:plan(29),
     case (catch test()) of
         ok ->
             etap:end_tests();
@@ -133,7 +133,7 @@ test() ->
     % test multiple per-host configuration
 
     %% do tests with auth
-    ok = set_admin_password("test", "test"),
+    ok = set_admin_password("test", <<"test">>),
 
     test_db_preflight_auth_request(),
     test_db_origin_auth_request(),

From 9f65fbe8ca5203483001b78ff2612879f4fa9e3c Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Wed, 30 Apr 2014 00:11:41 +0400
Subject: [PATCH 23/57] Fix race condition in test suite on checking ref count

The issue happened from time to time on CentOS system: one, two or few
tests failed because ref count wasn't decremented till the very moment
when this value was requested and the result returned back. Adding
sleep timeout helps to synchronise calls and while 0.1 sec sleep is
good, but not enough - with 0.2 sleep floating errors happens no more.
---
 test/etap/200-view-group-no-db-leaks.t | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/etap/200-view-group-no-db-leaks.t b/test/etap/200-view-group-no-db-leaks.t
index b711ac85302..9583d098433 100755
--- a/test/etap/200-view-group-no-db-leaks.t
+++ b/test/etap/200-view-group-no-db-leaks.t
@@ -212,6 +212,7 @@ get_db_ref_counter() ->
 check_db_ref_count() ->
     {ok, #db{fd_ref_counter = Ref} = Db} = couch_db:open_int(test_db_name(), []),
     ok = couch_db:close(Db),
+    timer:sleep(200),  % sleep a bit to prevent race condition
     etap:is(couch_ref_counter:count(Ref), 2,
         "DB ref counter is only held by couch_db and couch_db_updater"),
     ok.

From f5e5b37faf12b2388ae1ce03209dc6a53a868f33 Mon Sep 17 00:00:00 2001
From: Wendall Cada <wendallc@83864.com>
Date: Tue, 29 Apr 2014 14:35:38 -0700
Subject: [PATCH 24/57] Added missing build requirements for Centos/RHEL
 environments.

---
 INSTALL.Unix                   | 16 ++++++++--------
 share/doc/src/install/unix.rst | 15 ++++++++-------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/INSTALL.Unix b/INSTALL.Unix
index a07055884db..965bb34ec28 100644
--- a/INSTALL.Unix
+++ b/INSTALL.Unix
@@ -94,20 +94,20 @@ RedHat-based (Fedora, Centos, RHEL) Systems
 
 You can install the dependencies by running:
 
-    sudo yum groupinstall "Development Tools"
     sudo yum install autoconf
     sudo yum install autoconf-archive
     sudo yum install automake
-    sudo yum install libtool
-    sudo yum install perl-Test-Harness
-    sudo yum install erlang-etap
+    sudo yum install curl-devel
+    sudo yum install erlang-asn1
     sudo yum install erlang-erts
-    sudo yum install erlang-os_mon
     sudo yum install erlang-eunit
-    sudo yum install libicu-devel
+    sudo yum install erlang-os_mon
+    sudo yum install erlang-xmerl
+    sudo yum install help2man
     sudo yum install js-devel
-    sudo yum install curl-devel
-    sudo yum install pkg-config
+    sudo yum install libicu-devel
+    sudo yum install libtool
+    sudo yum install perl-Test-Harness
 
 While CouchDB builds against the default js-devel-1.7.0 included in
 some distributions, it's recommended to use a more recent
diff --git a/share/doc/src/install/unix.rst b/share/doc/src/install/unix.rst
index 05e0459936e..9c1084c45b4 100644
--- a/share/doc/src/install/unix.rst
+++ b/share/doc/src/install/unix.rst
@@ -102,19 +102,20 @@ RedHat-based (Fedora, Centos, RHEL) Systems
 
 You can install the dependencies by running::
 
-    sudo yum groupinstall "Development Tools"
     sudo yum install autoconf
     sudo yum install autoconf-archive
     sudo yum install automake
-    sudo yum install libtool
-    sudo yum install perl-Test-Harness
-    sudo yum install erlang-etap
+    sudo yum install curl-devel
+    sudo yum install erlang-asn1
     sudo yum install erlang-erts
-    sudo yum install erlang-os_mon
     sudo yum install erlang-eunit
-    sudo yum install libicu-devel
+    sudo yum install erlang-os_mon
+    sudo yum install erlang-xmerl
+    sudo yum install help2man
     sudo yum install js-devel
-    sudo yum install curl-devel
+    sudo yum install libicu-devel
+    sudo yum install libtool
+    sudo yum install perl-Test-Harness
 
 While CouchDB builds against the default js-devel-1.7.0 included in some
 distributions, it's recommended to use a more recent js-devel-1.8.5.

From eef869330b0203fc262e9eff3e86e1d8dc521228 Mon Sep 17 00:00:00 2001
From: Kyle Snavely <ksnavely@cloudant.com>
Date: Thu, 1 May 2014 11:57:42 -0400
Subject: [PATCH 25/57] Use <%- when interpolating XSS targets

  - I tried to not be super heavy handed, only using <%- for values that
    could be set with XSS payloads or otherwise come from a user/data.

Conflicts:
	src/fauxton/app/addons/auth/templates/nav_link_title.html
---
 src/fauxton/app/addons/auth/templates/nav_dropdown.html     | 2 +-
 src/fauxton/app/addons/auth/templates/nav_link_title.html   | 2 +-
 src/fauxton/app/addons/config/templates/item.html           | 6 +++---
 src/fauxton/app/addons/documents/templates/changes.html     | 2 +-
 src/fauxton/app/addons/documents/templates/ddoc_info.html   | 2 +-
 .../addons/documents/templates/delete_database_modal.html   | 2 +-
 .../app/addons/documents/templates/design_doc_selector.html | 6 +++---
 src/fauxton/app/addons/documents/templates/doc.html         | 4 ++--
 src/fauxton/app/addons/permissions/templates/section.html   | 2 +-
 src/fauxton/app/addons/replication/templates/form.html      | 2 +-
 src/fauxton/app/addons/replication/templates/progress.html  | 4 ++--
 11 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/fauxton/app/addons/auth/templates/nav_dropdown.html b/src/fauxton/app/addons/auth/templates/nav_dropdown.html
index d61c24a8825..983b5f7f323 100644
--- a/src/fauxton/app/addons/auth/templates/nav_dropdown.html
+++ b/src/fauxton/app/addons/auth/templates/nav_dropdown.html
@@ -14,7 +14,7 @@
 
 <div id="sidenav">
 <header class="row-fluid">
-  <h3> <%= user.name %> </h3>
+  <h3> <%- user.name %> </h3>
 </header>
 <nav>
 <ul class="nav nav-list">
diff --git a/src/fauxton/app/addons/auth/templates/nav_link_title.html b/src/fauxton/app/addons/auth/templates/nav_link_title.html
index 863955cb34a..20f40a7d4ab 100644
--- a/src/fauxton/app/addons/auth/templates/nav_link_title.html
+++ b/src/fauxton/app/addons/auth/templates/nav_link_title.html
@@ -20,7 +20,7 @@
 <% } else if (user) { %>
   <a  href="#changePassword" >
   	<span class="fonticon-user fonticon"></span> 
-  	<%= user.name %> 
+  	<%- user.name %>
 	</a>
 <% } else { %>
   <a  href="#login" >  
diff --git a/src/fauxton/app/addons/config/templates/item.html b/src/fauxton/app/addons/config/templates/item.html
index 8af9a50ed6e..f5fd73ec7a1 100644
--- a/src/fauxton/app/addons/config/templates/item.html
+++ b/src/fauxton/app/addons/config/templates/item.html
@@ -13,13 +13,13 @@
 -->
 
 <% if (option.index === 0) {%>
-<th> <%= option.section %> </th>
+<th> <%- option.section %> </th>
 <% } else { %>
 <td></td>
 <% } %>
 <td class="js-edit-value"> 
   <div class="js-show-value">
-    <%= option.name %>
+    <%- option.name %>
   </div>
   <div class="js-edit-value-form js-hidden">
     <input class="js-value-input" type="text" name="name" value="<%- option.name %>" />
@@ -29,7 +29,7 @@
 </td>
 <td class="js-edit-value">
   <div class="js-show-value">
-    <%= option.value %>
+    <%- option.value %>
   </div>
   <div class="js-edit-value-form js-hidden">
     <input class="js-value-input" type="text" name="value" value="<%- option.value %>" />
diff --git a/src/fauxton/app/addons/documents/templates/changes.html b/src/fauxton/app/addons/documents/templates/changes.html
index 5978e839e0b..d038361c8d6 100644
--- a/src/fauxton/app/addons/documents/templates/changes.html
+++ b/src/fauxton/app/addons/documents/templates/changes.html
@@ -36,7 +36,7 @@
           <% if (change.deleted) { %>
             <%= change.id %>
           <% } else { %>
-            <a href="#<%= database.url('app') %>/<%= safeURL(change.id) %>"><%= change.id %></a>
+            <a href="#<%- database.url('app') %>/<%- safeURL(change.id) %>"><%= change.id %></a>
           <% } %>    </div>
         <div class="span2 text-right">
           <a class="js-copy" data-clipboard-text="<%= change.id %>" data-bypass="true" href="#">
diff --git a/src/fauxton/app/addons/documents/templates/ddoc_info.html b/src/fauxton/app/addons/documents/templates/ddoc_info.html
index ed0aed6a7b3..b33e49b1a99 100644
--- a/src/fauxton/app/addons/documents/templates/ddoc_info.html
+++ b/src/fauxton/app/addons/documents/templates/ddoc_info.html
@@ -18,7 +18,7 @@ <h2> Design Doc MetaData </h2>
 		<% if(i%2==0){%>
 			<div class="row-fluid">
 		<% }; %>
-	    <div class="span6 well-item"><strong> <%= key %></strong> : <%= val %>  </div>
+	    <div class="span6 well-item"><strong> <%- key %></strong> : <%- val %>  </div>
 	    <% if(i%2==1){%>
 			</div>
 		<% }; %>
diff --git a/src/fauxton/app/addons/documents/templates/delete_database_modal.html b/src/fauxton/app/addons/documents/templates/delete_database_modal.html
index 7ea3bc47e61..2b5448cbde6 100644
--- a/src/fauxton/app/addons/documents/templates/delete_database_modal.html
+++ b/src/fauxton/app/addons/documents/templates/delete_database_modal.html
@@ -20,7 +20,7 @@ <h3>Delete Database</h3>
   <div class="modal-body">
     <form id="delete-db-check" class="form" method="post">
       <p>
-      You've asked to <b>permanently delete</b> <code><%= database.id %></code>.
+      You've asked to <b>permanently delete</b> <code><%- database.id %></code>.
       Please enter the database name below to confirm the deletion of the
       database and all documents and attachments within.
       </p>
diff --git a/src/fauxton/app/addons/documents/templates/design_doc_selector.html b/src/fauxton/app/addons/documents/templates/design_doc_selector.html
index 7bbe310211d..b8f8b3f4b01 100644
--- a/src/fauxton/app/addons/documents/templates/design_doc_selector.html
+++ b/src/fauxton/app/addons/documents/templates/design_doc_selector.html
@@ -12,15 +12,15 @@
 the License.
 -->
 <div class="span3">
-  <label for="ddoc">Save to Design Document <a href="<%=getDocUrl('design_doc')%>" target="_blank"><i class="icon-question-sign"></i></a></label>
+  <label for="ddoc">Save to Design Document <a href="<%-getDocUrl('design_doc')%>" target="_blank"><i class="icon-question-sign"></i></a></label>
   <select id="ddoc">
     <optgroup label="Select a document">
       <option value="new-doc">New document</option>
       <% ddocs.each(function(ddoc) { %>
       <% if (ddoc.id === ddocName) { %>
-      <option selected="selected" value="<%= ddoc.id %>"><%= ddoc.id %></option>
+      <option selected="selected" value="<%- ddoc.id %>"><%- ddoc.id %></option>
       <% } else { %>
-      <option value="<%= ddoc.id %>"><%= ddoc.id %></option>
+      <option value="<%- ddoc.id %>"><%- ddoc.id %></option>
       <% } %>
       <% }); %>
     </optgroup>
diff --git a/src/fauxton/app/addons/documents/templates/doc.html b/src/fauxton/app/addons/documents/templates/doc.html
index 94338680a81..e9a46cfec00 100644
--- a/src/fauxton/app/addons/documents/templates/doc.html
+++ b/src/fauxton/app/addons/documents/templates/doc.html
@@ -31,8 +31,8 @@
       <ul class="dropdown-menu">
         <%_.each(attachments, function (att) { %>
         <li>
-        <a href="<%= att.url %>" target="_blank"> <strong> <%= att.fileName %> </strong> -
-          <span> <%= att.contentType %>, <%= formatSize(att.size)%> </span>
+        <a href="<%- att.url %>" target="_blank"> <strong> <%- att.fileName %> </strong> -
+          <span> <%- att.contentType %>, <%- formatSize(att.size)%> </span>
         </a>
         </li>
         <% }) %>
diff --git a/src/fauxton/app/addons/permissions/templates/section.html b/src/fauxton/app/addons/permissions/templates/section.html
index 0459562b16a..fe228f5ff1f 100644
--- a/src/fauxton/app/addons/permissions/templates/section.html
+++ b/src/fauxton/app/addons/permissions/templates/section.html
@@ -13,7 +13,7 @@
 -->
 <header class="page-header">
 <h3> <%= (section) %> </h3>
-<p class="help"> <%= help %> <a href="<%=getDocUrl('database_permission')%>" target="_blank"><i class="icon-question-sign"> </i> </a></p>
+<p class="help"> <%= help %> <a href="<%-getDocUrl('database_permission')%>" target="_blank"><i class="icon-question-sign"> </i> </a></p>
 </header>
 
 <div class="row-fluid">
diff --git a/src/fauxton/app/addons/replication/templates/form.html b/src/fauxton/app/addons/replication/templates/form.html
index 32a87dca3b2..342a4fd9a31 100644
--- a/src/fauxton/app/addons/replication/templates/form.html
+++ b/src/fauxton/app/addons/replication/templates/form.html
@@ -63,7 +63,7 @@
 
 			<label for="createTarget">
 				<input type="checkbox" name="create_target" value="true" id="createTarget">
-				Create Target <a href="<%=getDocUrl('replication_doc')%>" target="_blank"><i class="icon-question-sign" rel="tooltip" title="Create the target database"></i></a>
+				Create Target <a href="<%-getDocUrl('replication_doc')%>" target="_blank"><i class="icon-question-sign" rel="tooltip" title="Create the target database"></i></a>
 			</label>
 		</div>
 
diff --git a/src/fauxton/app/addons/replication/templates/progress.html b/src/fauxton/app/addons/replication/templates/progress.html
index 1e6ef9018a2..ea9d6c31160 100644
--- a/src/fauxton/app/addons/replication/templates/progress.html
+++ b/src/fauxton/app/addons/replication/templates/progress.html
@@ -11,12 +11,12 @@
 License for the specific language governing permissions and limitations under
 the License.
 -->
-<p class="span6 break">Replicating <strong><%=source%></strong> to <strong><%=target%></strong></p>
+<p class="span6 break">Replicating <strong><%-source%></strong> to <strong><%-target%></strong></p>
 
 <div class="span4 progress progress-striped active">
   <div class="bar" style="width: <%=progress || 0%>%;"><%=progress || "0"%>%</div>
 </div>
 
 <span class="span1">
-	<button class="cancel btn btn-danger btn-large delete" data-source="<%=source%>"  data-rep-id="<%=repid%>" data-continuous="<%=continuous%>" data-target="<%=target%>">Cancel</a>
+	<button class="cancel btn btn-danger btn-large delete" data-source="<%-source%>"  data-rep-id="<%-repid%>" data-continuous="<%-continuous%>" data-target="<%-target%>">Cancel</a>
 </span>

From d0c712f892fdbab34496359f3eec7e3291110409 Mon Sep 17 00:00:00 2001
From: Joan Touzet <wohali@apache.org>
Date: Mon, 21 Apr 2014 01:30:01 -0400
Subject: [PATCH 26/57] When backgrounding couchdb, close stdout/stderr

COUCHDB-2220
COUCHDB-1669
---
 bin/couchdb.tpl.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bin/couchdb.tpl.in b/bin/couchdb.tpl.in
index 538ebcbce47..f2027f1ecb9 100644
--- a/bin/couchdb.tpl.in
+++ b/bin/couchdb.tpl.in
@@ -270,6 +270,9 @@ start_couchdb () {
         echo "Apache CouchDB has started, time to relax."
     else
         if test "$RECURSED" = "true"; then
+            # close stdout / stderr
+            exec 1>&-
+            exec 2>&-
             while true; do
                 export HEART_COMMAND
                 export HEART_BEAT_TIMEOUT

From 8ff9286590aae1df5bcd6875df97cb09457fade7 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Mon, 5 May 2014 14:50:16 +0400
Subject: [PATCH 27/57] Apply workaround fix for replication checkpoints test
 against R14B01

R14B01 and R14B02 both are affected to OTP-9167 Erlang issue which
causes 4 tests failure because supervisor restarts worker with old
ChildSpec ignoring changes in use_checkpoint options.

This fix makes all tests passed, but leaves a notice in verbose mode
that there is a problem and how it could be resolved.

Another possible solution is to isolate test_use_checkpoints calls, but
this will be only hide the issue while it still may happened in prod.
---
 .../test/07-use-checkpoints.t                 | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/couch_replicator/test/07-use-checkpoints.t b/src/couch_replicator/test/07-use-checkpoints.t
index cefc1a7e367..a3295c7a14a 100755
--- a/src/couch_replicator/test/07-use-checkpoints.t
+++ b/src/couch_replicator/test/07-use-checkpoints.t
@@ -94,6 +94,7 @@ test() ->
     couch_server_sup:start_link(test_util:config_files()),
     ibrowse:start(),
 
+    % order matters
     test_use_checkpoints(false),
     test_use_checkpoints(true),
 
@@ -122,7 +123,23 @@ test_use_checkpoints(UseCheckpoints) ->
         fun({finished, _, {CheckpointHistory}}) ->
             SessionId = lists:keyfind(
                 <<"session_id">>, 1, CheckpointHistory),
-            etap:isnt(SessionId, false, "There's a checkpoint");
+            case SessionId of
+                false ->
+                    OtpRel = erlang:system_info(otp_release),
+                    case OtpRel >= "R14B01" orelse OtpRel < "R14B03" of
+                        false ->
+                            etap:bail("Checkpoint expected, but not found");
+                        true ->
+                            etap:ok(true,
+                                " Checkpoint expected, but wan't found."
+                                " Your Erlang " ++ OtpRel ++ " version is"
+                                " affected to OTP-9167 issue which causes"
+                                " failure of this test. Try to upgrade Erlang"
+                                " and if this failure repeats file the bug.")
+                    end;
+                _ ->
+                    etap:ok(true, "There's a checkpoint")
+            end;
         (_) ->
             ok
         end

From 1d98746445e92366df5d18a5de2daa3740d61274 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Thu, 13 Mar 2014 10:27:29 +0100
Subject: [PATCH 28/57] build: detect new erlang version format correctly

- OTP 17.0 uses a different numbering system for releases and patches, but not semver.org
- the major version number will be bumped for the first time in 4 years
---
 configure.ac | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 57a4268a405..dadbf029529 100644
--- a/configure.ac
+++ b/configure.ac
@@ -411,23 +411,25 @@ esac
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking Erlang version compatibility" >&5
 $as_echo_n "checking Erlang version compatibility... " >&6; }
-erlang_version_error="The installed Erlang version must be >= R14B (erts-5.8.1) and <R17 (erts-5.11)"
+erlang_version_error="The installed Erlang version must be >= R14B (erts-5.8.1) and =< 17 (erts-6.0)"
 
 version="`${ERL} -version 2>&1 | ${SED} 's/[[^0-9]]/ /g'` 0 0 0"
 major_version=`echo $version | ${AWK} "{print \\$1}"`
 minor_version=`echo $version | ${AWK} "{print \\$2}"`
 patch_version=`echo $version | ${AWK} "{print \\$3}"`
+echo -n "detected Erlang version: $major_version.$minor_version.$patch_version..."
 
-if test $major_version -ne 5; then
-    as_fn_error $? "$erlang_version_error" "$LINENO" 5
+if test $major_version -lt 5 -o $major_version -gt 6; then
+    as_fn_error $? "$erlang_version_error major_version does not match" "$LINENO" 5
 fi
 
-if test $minor_version -lt 8 -o $minor_version -gt 10; then
-    as_fn_error $? "$erlang_version_error" "$LINENO" 5
+if test $major_version -eq 5 -a $minor_version -lt 8; then
+    as_fn_error $? "$erlang_version_error minor_version does not match" "$LINENO" 5
 fi
 
 AC_MSG_RESULT(compatible)
 
+# returns 17 for erts-6.0, and R14B03 or similar for earlier releases
 otp_release="`\
     ${ERL} -noshell \
     -eval 'io:put_chars(erlang:system_info(otp_release)).' \
@@ -435,8 +437,10 @@ otp_release="`\
 
 AC_SUBST(otp_release)
 
-AM_CONDITIONAL([USE_OTP_NIFS], [test x$otp_release \> xR13B03])
-AM_CONDITIONAL([USE_EJSON_COMPARE_NIF], [test x$otp_release \> xR14B03])
+AM_CONDITIONAL([USE_OTP_NIFS],
+    [test x$otp_release \> xR14B -o $otp_release -ge 17 ])
+AM_CONDITIONAL([USE_EJSON_COMPARE_NIF],
+    [test x$otp_release \> xR14B03])
 
 has_crypto=`\
     ${ERL} -eval "\

From ce2a9fc19c066c7f1c9aeea937497c9ca246a23c Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Thu, 1 May 2014 19:13:13 +0400
Subject: [PATCH 29/57] Fix comparison warning on ./configure

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index dadbf029529..b1c005db929 100644
--- a/configure.ac
+++ b/configure.ac
@@ -438,7 +438,7 @@ otp_release="`\
 AC_SUBST(otp_release)
 
 AM_CONDITIONAL([USE_OTP_NIFS],
-    [test x$otp_release \> xR14B -o $otp_release -ge 17 ])
+    [test x$otp_release \> xR14B])
 AM_CONDITIONAL([USE_EJSON_COMPARE_NIF],
     [test x$otp_release \> xR14B03])
 

From 37af7619c745438984367bf7c0f561ead82821a1 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Fri, 2 May 2014 02:23:17 +0400
Subject: [PATCH 30/57] Fix setting autoconf flags for using nifs

---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index b1c005db929..103f02999f8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -438,9 +438,9 @@ otp_release="`\
 AC_SUBST(otp_release)
 
 AM_CONDITIONAL([USE_OTP_NIFS],
-    [test x$otp_release \> xR14B])
+    [can_use_nifs=$(echo $otp_release | grep -E "^(R14B|R15|R16|17)")])
 AM_CONDITIONAL([USE_EJSON_COMPARE_NIF],
-    [test x$otp_release \> xR14B03])
+    [can_use_ejson=$(echo $otp_release | grep -E "^(R14B03|R15|R16|17)")])
 
 has_crypto=`\
     ${ERL} -eval "\

From 1a0822862c2410143f3d2a4a508d72520e8f21a7 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Mon, 28 Apr 2014 13:47:59 +0200
Subject: [PATCH 31/57] docs: update supported Erlang/OTP and SpiderMonkey
 versions

- matches what the code can support after last Mochiweb update
- update .travis.yml file to match 17.0 release
- update docs
---
 .travis.yml                      |  5 ++--
 INSTALL.Unix                     |  4 +--
 share/doc/build/Makefile.am      |  3 +++
 share/doc/src/install/unix.rst   |  4 +--
 share/doc/src/whatsnew/1.7.rst   | 42 ++++++++++++++++++++++++++++++++
 share/doc/src/whatsnew/index.rst |  1 +
 6 files changed, 53 insertions(+), 6 deletions(-)
 create mode 100644 share/doc/src/whatsnew/1.7.rst

diff --git a/.travis.yml b/.travis.yml
index f90895d369e..1bddb6a993f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@ before_install:
    - sudo apt-get -y install libtool automake autoconf autoconf-archive
    - sudo apt-get -y install texlive-latex-base texlive-latex-recommended
    - sudo apt-get -y install texlive-latex-extra texlive-fonts-recommended texinfo
-   - sudo apt-get -y install python-pygments python-docutils python-sphinx 
+   - sudo apt-get -y install python-pygments python-docutils python-sphinx
 before_script: ./bootstrap && ./configure
 script:
    - make distcheck
@@ -13,6 +13,7 @@ script:
    - grunt test
 language: erlang
 otp_release:
-   - R16B
+   - 17.0
+   - R16B03-1
    - R15B03
    - R14B04
diff --git a/INSTALL.Unix b/INSTALL.Unix
index 965bb34ec28..f66f98cf0bd 100644
--- a/INSTALL.Unix
+++ b/INSTALL.Unix
@@ -39,10 +39,10 @@ Dependencies
 
 You should have the following installed:
 
- * Erlang OTP (>=R13B04, <R17)  (http://erlang.org/)
+ * Erlang OTP (>=R14B01, =<R17) (http://erlang.org/)
  * ICU                          (http://icu-project.org/)
  * OpenSSL                      (http://www.openssl.org/)
- * Mozilla SpiderMonkey (1.7)   (http://www.mozilla.org/js/spidermonkey/)
+ * Mozilla SpiderMonkey (1.8.5) (http://www.mozilla.org/js/spidermonkey/)
  * GNU Make                     (http://www.gnu.org/software/make/)
  * GNU Compiler Collection      (http://gcc.gnu.org/)
  * libcurl                      (http://curl.haxx.se/libcurl/)
diff --git a/share/doc/build/Makefile.am b/share/doc/build/Makefile.am
index 7b95d0d4163..42b6d19b12e 100644
--- a/share/doc/build/Makefile.am
+++ b/share/doc/build/Makefile.am
@@ -161,6 +161,7 @@ html_files = \
     html/_sources/whatsnew/1.4.txt \
     html/_sources/whatsnew/1.5.txt \
     html/_sources/whatsnew/1.6.txt \
+    html/_sources/whatsnew/1.7.txt \
     html/_sources/whatsnew/index.txt \
     html/_sources/about.txt \
     html/_sources/contents.txt \
@@ -283,6 +284,7 @@ html_files = \
     html/whatsnew/1.4.html \
     html/whatsnew/1.5.html \
     html/whatsnew/1.6.html \
+    html/whatsnew/1.7.html \
     html/whatsnew/index.html \
     html/about.html \
     html/config-ref.html \
@@ -432,6 +434,7 @@ src_files = \
     ../src/whatsnew/1.4.rst \
     ../src/whatsnew/1.5.rst \
     ../src/whatsnew/1.6.rst \
+    ../src/whatsnew/1.7.rst \
     ../src/whatsnew/index.rst \
     ../src/about.rst \
     ../src/contents.rst \
diff --git a/share/doc/src/install/unix.rst b/share/doc/src/install/unix.rst
index 9c1084c45b4..76fe9225721 100644
--- a/share/doc/src/install/unix.rst
+++ b/share/doc/src/install/unix.rst
@@ -52,10 +52,10 @@ Dependencies
 
 You should have the following installed:
 
-* `Erlang OTP (>=R13B04, <R17)  <http://erlang.org/>`_
+* `Erlang OTP (>=R14B01, =<R17) <http://erlang.org/>`_
 * `ICU                          <http://icu-project.org/>`_
 * `OpenSSL                      <http://www.openssl.org/>`_
-* `Mozilla SpiderMonkey (1.7)   <http://www.mozilla.org/js/spidermonkey/>`_
+* `Mozilla SpiderMonkey (1.8.5) <http://www.mozilla.org/js/spidermonkey/>`_
 * `GNU Make                     <http://www.gnu.org/software/make/>`_
 * `GNU Compiler Collection      <http://gcc.gnu.org/>`_
 * `libcurl                      <http://curl.haxx.se/libcurl/>`_
diff --git a/share/doc/src/whatsnew/1.7.rst b/share/doc/src/whatsnew/1.7.rst
new file mode 100644
index 00000000000..69be11b022e
--- /dev/null
+++ b/share/doc/src/whatsnew/1.7.rst
@@ -0,0 +1,42 @@
+.. Licensed under the Apache License, Version 2.0 (the "License"); you may not
+.. use this file except in compliance with the License. You may obtain a copy of
+.. the License at
+..
+..   http://www.apache.org/licenses/LICENSE-2.0
+..
+.. Unless required by applicable law or agreed to in writing, software
+.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+.. License for the specific language governing permissions and limitations under
+.. the License.
+
+
+.. _release/1.7.x:
+
+============
+1.7.x Branch
+============
+
+.. contents::
+   :depth: 1
+   :local:
+
+.. _release/1.7.x/upgrade:
+
+Upgrade Notes
+=============
+
+None.
+
+.. _release/1.7.0:
+
+Version 1.7.0
+=============
+
+.. warning::
+
+   This version is not released yet.
+
+* Build System: :issue:`2200`: support Erlang/OTP 17.0
+  :commit:`78603ad`
+
diff --git a/share/doc/src/whatsnew/index.rst b/share/doc/src/whatsnew/index.rst
index 800b9eee91e..52c93173bc1 100644
--- a/share/doc/src/whatsnew/index.rst
+++ b/share/doc/src/whatsnew/index.rst
@@ -19,6 +19,7 @@ Release History
 .. toctree::
    :glob:
 
+   1.7
    1.6
    1.5
    1.4

From c2196197a9d067f6ce01cd0292b17002b971276b Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Mon, 5 May 2014 20:23:48 +0400
Subject: [PATCH 32/57] Move Erlang 17 support to 1.6.0 release

---
 share/doc/build/Makefile.am      |  3 ---
 share/doc/src/whatsnew/1.6.rst   |  1 +
 share/doc/src/whatsnew/1.7.rst   | 42 --------------------------------
 share/doc/src/whatsnew/index.rst |  1 -
 4 files changed, 1 insertion(+), 46 deletions(-)
 delete mode 100644 share/doc/src/whatsnew/1.7.rst

diff --git a/share/doc/build/Makefile.am b/share/doc/build/Makefile.am
index 42b6d19b12e..7b95d0d4163 100644
--- a/share/doc/build/Makefile.am
+++ b/share/doc/build/Makefile.am
@@ -161,7 +161,6 @@ html_files = \
     html/_sources/whatsnew/1.4.txt \
     html/_sources/whatsnew/1.5.txt \
     html/_sources/whatsnew/1.6.txt \
-    html/_sources/whatsnew/1.7.txt \
     html/_sources/whatsnew/index.txt \
     html/_sources/about.txt \
     html/_sources/contents.txt \
@@ -284,7 +283,6 @@ html_files = \
     html/whatsnew/1.4.html \
     html/whatsnew/1.5.html \
     html/whatsnew/1.6.html \
-    html/whatsnew/1.7.html \
     html/whatsnew/index.html \
     html/about.html \
     html/config-ref.html \
@@ -434,7 +432,6 @@ src_files = \
     ../src/whatsnew/1.4.rst \
     ../src/whatsnew/1.5.rst \
     ../src/whatsnew/1.6.rst \
-    ../src/whatsnew/1.7.rst \
     ../src/whatsnew/index.rst \
     ../src/about.rst \
     ../src/contents.rst \
diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index d99bb0b411e..5b971da013e 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -38,6 +38,7 @@ in case if you had used such handler.
 Version 1.6.0
 =============
 
+* :issue:`2200`: support Erlang/OTP 17.0 :commit:`35e16032`
 * Fauxton: many improvements in our experimental new user interface, including
   switching the code editor from CodeMirror to Ace as well as better support
   for various browsers.
diff --git a/share/doc/src/whatsnew/1.7.rst b/share/doc/src/whatsnew/1.7.rst
deleted file mode 100644
index 69be11b022e..00000000000
--- a/share/doc/src/whatsnew/1.7.rst
+++ /dev/null
@@ -1,42 +0,0 @@
-.. Licensed under the Apache License, Version 2.0 (the "License"); you may not
-.. use this file except in compliance with the License. You may obtain a copy of
-.. the License at
-..
-..   http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-.. License for the specific language governing permissions and limitations under
-.. the License.
-
-
-.. _release/1.7.x:
-
-============
-1.7.x Branch
-============
-
-.. contents::
-   :depth: 1
-   :local:
-
-.. _release/1.7.x/upgrade:
-
-Upgrade Notes
-=============
-
-None.
-
-.. _release/1.7.0:
-
-Version 1.7.0
-=============
-
-.. warning::
-
-   This version is not released yet.
-
-* Build System: :issue:`2200`: support Erlang/OTP 17.0
-  :commit:`78603ad`
-
diff --git a/share/doc/src/whatsnew/index.rst b/share/doc/src/whatsnew/index.rst
index 52c93173bc1..800b9eee91e 100644
--- a/share/doc/src/whatsnew/index.rst
+++ b/share/doc/src/whatsnew/index.rst
@@ -19,7 +19,6 @@ Release History
 .. toctree::
    :glob:
 
-   1.7
    1.6
    1.5
    1.4

From d1bc0a9cfe6e95b166131829b1b154027731a5d8 Mon Sep 17 00:00:00 2001
From: Christian Hogan <github@infliction.org>
Date: Fri, 2 May 2014 11:59:16 -0400
Subject: [PATCH 33/57] COUCHDB-2233 - Correct HTML interpolation instances in
 documents.

Further updating instances of <%= and to <%- within documents to correctly handle HTML interpolation.

Tested for regression in
- 34.0.1847.131
- Safari 7.0.2

Signed-off-by: Alexander Shorin <kxepal@apache.org>
---
 .../app/addons/fauxton/templates/api_bar.html |  6 ++---
 .../addons/fauxton/templates/breadcrumbs.html |  4 +--
 .../app/addons/fauxton/templates/footer.html  |  2 +-
 .../app/addons/fauxton/templates/nav_bar.html | 26 +++++++++----------
 .../fauxton/templates/notification.html       |  4 +--
 .../addons/fauxton/templates/pagination.html  | 10 +++----
 6 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/fauxton/app/addons/fauxton/templates/api_bar.html b/src/fauxton/app/addons/fauxton/templates/api_bar.html
index 4fb597172ea..8b614231113 100644
--- a/src/fauxton/app/addons/fauxton/templates/api_bar.html
+++ b/src/fauxton/app/addons/fauxton/templates/api_bar.html
@@ -20,11 +20,11 @@
     <div class="input-prepend input-append">
       <span class="add-on">
         API reference
-        <a href="<%=getDocUrl(documentation)%>" target="_blank">
+        <a href="<%-getDocUrl(documentation)%>" target="_blank">
           <i class="icon-question-sign"></i>
         </a>
       </span>
-      <input type="text" class="input-xxlarge" value="<%= endpoint %>">
-      <a href="<%= endpoint %>" target="_blank" class="btn">Show me</a>
+      <input type="text" class="input-xxlarge" value="<%- endpoint %>">
+      <a href="<%- endpoint %>" target="_blank" class="btn">Show me</a>
     </div>
 </div>
diff --git a/src/fauxton/app/addons/fauxton/templates/breadcrumbs.html b/src/fauxton/app/addons/fauxton/templates/breadcrumbs.html
index 026db89fb4e..18961b7bed3 100644
--- a/src/fauxton/app/addons/fauxton/templates/breadcrumbs.html
+++ b/src/fauxton/app/addons/fauxton/templates/breadcrumbs.html
@@ -15,10 +15,10 @@
 <ul class="breadcrumb">
   <% _.each(_.initial(crumbs), function(crumb) { %>
     <li>
-      <a href="#<%= crumb.link %>"><%= crumb.name %></a>
+      <a href="#<%- crumb.link %>"><%- crumb.name %></a>
       <span class="divider fonticon fonticon-carrot"> </span>
     </li>
   <% }); %>
   <% var last = _.last(crumbs) || {name: ''} %>
-  <li class="active"><%= last.name %></li>
+  <li class="active"><%- last.name %></li>
 </ul>
diff --git a/src/fauxton/app/addons/fauxton/templates/footer.html b/src/fauxton/app/addons/fauxton/templates/footer.html
index 593c11f38cd..591b5a80fc2 100644
--- a/src/fauxton/app/addons/fauxton/templates/footer.html
+++ b/src/fauxton/app/addons/fauxton/templates/footer.html
@@ -12,4 +12,4 @@
 the License.
 -->
 
-<p>Fauxton on <a href="http://couchdb.apache.org/">Apache CouchDB</a> <%=version%></p>
+<p>Fauxton on <a href="http://couchdb.apache.org/">Apache CouchDB</a> <%-version%></p>
diff --git a/src/fauxton/app/addons/fauxton/templates/nav_bar.html b/src/fauxton/app/addons/fauxton/templates/nav_bar.html
index 9ba24f4abc1..75641118127 100644
--- a/src/fauxton/app/addons/fauxton/templates/nav_bar.html
+++ b/src/fauxton/app/addons/fauxton/templates/nav_bar.html
@@ -25,10 +25,10 @@
   <ul id="nav-links" class="nav pull-right">
     <% _.each(navLinks, function(link) { %>
     <% if (link.view) {return;}  %>
-        <li data-nav-name= "<%= link.title %>" >
-          <a href="<%= link.href %>">
-            <i class="<%= link.icon %> fonticon"></i>
-            <%= link.title %>
+        <li data-nav-name= "<%- link.title %>" >
+          <a href="<%- link.href %>">
+            <i class="<%- link.icon %> fonticon"></i>
+            <%- link.title %>
           </a>
         </li>
     <% }); %>
@@ -38,7 +38,7 @@
 
     <ul id="bottom-nav-links" class="nav">
         <li data-nav-name= "Documentation">
-            <a href="<%=getDocUrl('docs')%>" target="_blank">
+            <a href="<%-getDocUrl('docs')%>" target="_blank">
               <i class="fonticon-bookmark fonticon"></i>
                 Documentation
             </a>
@@ -47,10 +47,10 @@
 
       <% _.each(bottomNavLinks, function(link) { %>
       <% if (link.view) {return;}  %>
-        <li data-nav-name= "<%= link.title %>">
-            <a href="<%= link.href %>">
-              <i class="<%= link.icon %> fonticon"></i>
-              <%= link.title %>
+        <li data-nav-name= "<%- link.title %>">
+            <a href="<%- link.href %>">
+              <i class="<%- link.icon %> fonticon"></i>
+              <%- link.title %>
             </a>
         </li>
       <% }); %>
@@ -59,10 +59,10 @@
     <ul id="footer-nav-links" class="nav">
       <% _.each(footerNavLinks, function(link) { %>
       <% if (link.view) {return;}  %>
-        <li data-nav-name= "<%= link.title %>">
-            <a href="<%= link.href %>">
-              <i class="<%= link.icon %> fonticon"></i>
-              <%= link.title %>
+        <li data-nav-name= "<%- link.title %>">
+            <a href="<%- link.href %>">
+              <i class="<%- link.icon %> fonticon"></i>
+              <%- link.title %>
             </a>
         </li>
       <% }); %>
diff --git a/src/fauxton/app/addons/fauxton/templates/notification.html b/src/fauxton/app/addons/fauxton/templates/notification.html
index ca8a9033aa4..1cf121b29a7 100644
--- a/src/fauxton/app/addons/fauxton/templates/notification.html
+++ b/src/fauxton/app/addons/fauxton/templates/notification.html
@@ -12,7 +12,7 @@
 the License.
 -->
 
-<div class="alert alert-<%= type %>">
+<div class="alert alert-<%- type %>">
   <button type="button" class="close" data-dismiss="alert">×</button>
-  <%= msg %>
+  <%- msg %>
 </div>
diff --git a/src/fauxton/app/addons/fauxton/templates/pagination.html b/src/fauxton/app/addons/fauxton/templates/pagination.html
index 19dfc8cfd22..0674c225abd 100644
--- a/src/fauxton/app/addons/fauxton/templates/pagination.html
+++ b/src/fauxton/app/addons/fauxton/templates/pagination.html
@@ -15,17 +15,17 @@
 <div class="pagination pagination-centered">
   <ul>
     <% if (page > 1) { %>
-    <li> <a href="<%= urlFun(page-1) %>">&laquo;</a></li>
+    <li> <a href="<%- urlFun(page-1) %>">&laquo;</a></li>
     <% } else { %>
-      <li class="disabled"> <a href="<%= urlFun(page) %>">&laquo;</a></li>
+      <li class="disabled"> <a href="<%- urlFun(page) %>">&laquo;</a></li>
     <% } %>
     <% _.each(_.range(1, totalPages+1), function(i) { %>
-      <li <% if (page == i) { %>class="active"<% } %>> <a href="<%= urlFun(i) %>"><%= i %></a></li>
+      <li <% if (page == i) { %>class="active"<% } %>> <a href="<%- urlFun(i) %>"><%- i %></a></li>
     <% }) %>
     <% if (page < totalPages) { %>
-      <li><a href="<%= urlFun(page+1) %>">&raquo;</a></li>
+      <li><a href="<%- urlFun(page+1) %>">&raquo;</a></li>
     <% } else { %>
-      <li class="disabled"> <a href="<%= urlFun(page) %>">&raquo;</a></li>
+      <li class="disabled"> <a href="<%- urlFun(page) %>">&raquo;</a></li>
     <% } %>
   </ul>
 </div>

From ce57300b562f11ba74dd0eb0e110e30e4510f602 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Thu, 14 Aug 2014 00:53:30 +0200
Subject: [PATCH 34/57] build: set version for 1.6.1 release

---
 acinclude.m4.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acinclude.m4.in b/acinclude.m4.in
index 9f0b3f44d78..ef4e8a6576a 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -18,7 +18,7 @@ m4_define([LOCAL_PACKAGE_NAME], [Apache CouchDB])
 m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
 m4_define([LOCAL_VERSION_MAJOR], [1])
 m4_define([LOCAL_VERSION_MINOR], [6])
-m4_define([LOCAL_VERSION_REVISION], [0])
+m4_define([LOCAL_VERSION_REVISION], [1])
 m4_define([LOCAL_VERSION_STAGE], [])
 m4_define([LOCAL_VERSION_RELEASE], [])
 m4_define([LOCAL_VERSION_PRIMARY],

From 59e4bdaced13954ff9c8d8927c6090a65a429a37 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Thu, 14 Aug 2014 11:58:33 +0200
Subject: [PATCH 35/57] docs: update release notes with noteworthy commits

---
 share/doc/src/whatsnew/1.6.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index 5b971da013e..a5f0e4e0c16 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -33,6 +33,15 @@ as deprecated and will be removed in future releases. It's strongly recommended
 to update :config:option:`httpd/authentication_handlers` option with new value
 in case if you had used such handler.
 
+.. _release/1.6.1:
+
+Version 1.6.1
+=============
+
+bugfix release:
+
+* Hash admin passwords stored in ``local.ini`` on startup :commit:`d43f69d`.
+
 .. _release/1.6.0:
 
 Version 1.6.0

From ed825d362ff237981ef15e4a28e326c79bd1367f Mon Sep 17 00:00:00 2001
From: Robert Newson <rnewson@apache.org>
Date: Fri, 6 Jun 2014 20:38:14 +0100
Subject: [PATCH 36/57] hash admin passwords on startup when list

---
 src/couchdb/couch_passwords.erl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/couchdb/couch_passwords.erl b/src/couchdb/couch_passwords.erl
index bbf6d9ac3b1..9abf31b5c42 100644
--- a/src/couchdb/couch_passwords.erl
+++ b/src/couchdb/couch_passwords.erl
@@ -26,7 +26,9 @@ simple(Password, Salt) when is_binary(Password), is_binary(Salt) ->
     ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
 
 %% CouchDB utility functions
--spec hash_admin_password(binary()) -> binary().
+-spec hash_admin_password(binary() | list()) -> binary().
+hash_admin_password(ClearPassword) when is_list(ClearPassword) ->
+    hash_admin_password(?l2b(ClearPassword));
 hash_admin_password(ClearPassword) when is_binary(ClearPassword) ->
     Iterations = couch_config:get("couch_httpd_auth", "iterations", "10000"),
     Salt = couch_uuids:random(),

From 6acdb2203e5b97030014d18ab1fa83d1e3828038 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Mon, 18 Aug 2014 17:45:45 +0200
Subject: [PATCH 37/57] docs: include the right commit from the right branch

---
 share/doc/src/whatsnew/1.6.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index a5f0e4e0c16..a7bdd21a6c1 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -40,7 +40,7 @@ Version 1.6.1
 
 bugfix release:
 
-* Hash admin passwords stored in ``local.ini`` on startup :commit:`d43f69d`.
+* Hash admin passwords stored in ``local.ini`` on startup :commit:`ed825d3`.
 
 .. _release/1.6.0:
 

From 5e46f3b988797e16bde36518d5b808eadd83ecfa Mon Sep 17 00:00:00 2001
From: Robert Newson <rnewson@apache.org>
Date: Thu, 21 Aug 2014 16:34:59 +0100
Subject: [PATCH 38/57] Don't upgrade admin hashes into the _users database

Admin users are stored in .ini files and are not full-fledged user
documents. Internally, a fake document is made to allow insertion into
the auth cache. CouchDB 1.6 introduced a feature to upgrade password
hashes from the legacy simple hash scheme to the stronger PBKDF2
scheme. It inappropriately attempted to do this to the fake admin
docs, which do not pass the _design/_auth validation checks. This is
fortunate, however, as CouchDB would then have written the admin users
into the users database causing widespread confusion and fear.
---
 src/couchdb/couch_httpd_auth.erl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 6888f06919d..30528325564 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -345,8 +345,9 @@ maybe_value(Key, Else, Fun) ->
     [{Key, Fun(Else)}].
 
 maybe_upgrade_password_hash(UserName, Password, UserProps) ->
-    case couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>) of
-    <<"simple">> ->
+    IsAdmin = lists:member(<<"_admin">>, couch_util:get_value(<<"roles">>, UserProps, [])),
+    case {IsAdmin, couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>)} of
+    {false, <<"simple">>} ->
         DbName = ?l2b(couch_config:get("couch_httpd_auth", "authentication_db", "_users")),
         couch_util:with_db(DbName, fun(UserDb) ->
             UserProps2 = proplists:delete(<<"password_sha">>, UserProps),

From 31dc5960d418e17eb454563330338abfd5fbbc23 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber <dch@apache.org>
Date: Fri, 22 Aug 2014 00:18:11 +0200
Subject: [PATCH 39/57] docs: include release notes for improved handling of
 admin password hashing

- closes COUCHDB-2298
- closes COUCHDB-2299
---
 share/doc/src/whatsnew/1.6.rst | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/share/doc/src/whatsnew/1.6.rst b/share/doc/src/whatsnew/1.6.rst
index a7bdd21a6c1..69002155c77 100644
--- a/share/doc/src/whatsnew/1.6.rst
+++ b/share/doc/src/whatsnew/1.6.rst
@@ -21,26 +21,36 @@
    :depth: 1
    :local:
 
+.. warning::
+
+   :ref:`release/1.6.1` contains important patches to hash of passwords on
+   restart. The previous :ref:`release/1.6.0` release is not recommended for
+   usage as certain edge cases with admin passwords may prevent CouchDB from
+   starting.
+
 .. _release/1.6.x/upgrade:
 
-Upgrade Notes
-=============
+Deprecations
+============
 
 The :ref:`Proxy Authentication <api/auth/proxy>` handler was renamed to
-``proxy_authentication_handler`` to follow the ``*_authentication_handler`` form
+``proxy_authentication_handler`` to follow the ``*_authentication_handler`` from
 of all other handlers. The old ``proxy_authentification_handler`` name is marked
-as deprecated and will be removed in future releases. It's strongly recommended
-to update :config:option:`httpd/authentication_handlers` option with new value
-in case if you had used such handler.
+as deprecated and will be removed in future releases. It's highly recommended
+to update :config:option:`httpd/authentication_handlers` option with the new
+value if you have used such a handler.
 
 .. _release/1.6.1:
 
 Version 1.6.1
 =============
 
-bugfix release:
+A bugfix release to handle various edge cases related to admin password hashing.
 
-* Hash admin passwords stored in ``local.ini`` on startup :commit:`ed825d3`.
+* :issue:`2298`: Hash plaintext admin passwords stored in ``local.ini`` on startup
+  :commit:`ed825d3`.
+* :issue:`2299`: Filter out local admin users before updating password hash in
+  ``_users`` db :commit:`5e46f3b`.
 
 .. _release/1.6.0:
 

From 164cf5ed24cd79fbe3b308181de4cf6e4f33234e Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Fri, 10 Oct 2014 20:03:30 +0200
Subject: [PATCH 40/57] 1.6.2 is next in this branch

---
 acinclude.m4.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acinclude.m4.in b/acinclude.m4.in
index ef4e8a6576a..c51221142e7 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -18,7 +18,7 @@ m4_define([LOCAL_PACKAGE_NAME], [Apache CouchDB])
 m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
 m4_define([LOCAL_VERSION_MAJOR], [1])
 m4_define([LOCAL_VERSION_MINOR], [6])
-m4_define([LOCAL_VERSION_REVISION], [1])
+m4_define([LOCAL_VERSION_REVISION], [2])
 m4_define([LOCAL_VERSION_STAGE], [])
 m4_define([LOCAL_VERSION_RELEASE], [])
 m4_define([LOCAL_VERSION_PRIMARY],

From 83cf448f0b340a169f547323f8aacddcfd741603 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Fri, 10 Oct 2014 20:07:58 +0200
Subject: [PATCH 41/57] 1.7.0 is next in this branch

---
 acinclude.m4.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/acinclude.m4.in b/acinclude.m4.in
index c51221142e7..f947920cb83 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -17,8 +17,8 @@ m4_define([LOCAL_PACKAGE_TARNAME], [apache-couchdb])
 m4_define([LOCAL_PACKAGE_NAME], [Apache CouchDB])
 m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
 m4_define([LOCAL_VERSION_MAJOR], [1])
-m4_define([LOCAL_VERSION_MINOR], [6])
-m4_define([LOCAL_VERSION_REVISION], [2])
+m4_define([LOCAL_VERSION_MINOR], [7])
+m4_define([LOCAL_VERSION_REVISION], [0])
 m4_define([LOCAL_VERSION_STAGE], [])
 m4_define([LOCAL_VERSION_RELEASE], [])
 m4_define([LOCAL_VERSION_PRIMARY],

From c3c9588ca8d087419462dbffced3c15033375876 Mon Sep 17 00:00:00 2001
From: Klaus Trainer <klaus_trainer@apache.org>
Date: Mon, 27 Oct 2014 11:55:14 +0100
Subject: [PATCH 42/57] Improve documentation of `cacert_file` ssl option

The documentation was incorrect insofar that it only described its
functionality for client verification, although the configuration is
used for server verification as well.
---
 share/doc/src/config/http.rst | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 1ae3abeaa33..4084be5e08a 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -329,9 +329,12 @@ Secure Socket Level Options
 
   .. config:option:: cacert_file :: CA Certificate file
 
-    Path to file containing PEM encoded CA certificates (trusted certificates
-    used for verifying a peer certificate). May be omitted if you do not want
-    to verify the peer::
+    The path to a file containing PEM encoded CA certificates. The CA
+    certificates are used to build the server certificate chain, and for client
+    authentication. Also the CAs are used in the list of acceptable client CAs
+    passed to the client when a certificate is requested. May be omitted if
+    there is no need to verify the client and if there are not any intermediate
+    CAs for the server certificate::
 
       [ssl]
       cacert_file = /etc/ssl/certs/ca-certificates.crt

From f9095e7dc3caff6849e0e011d9459c0f61c85cbf Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Wed, 29 Oct 2014 19:01:17 +0300
Subject: [PATCH 43/57] jquery.couch: fix document copying

To COPY a doc the client must specify the target doc id in Destination
header. Additionally, it may add the revision parameter if document
already exists and we want to copy over it.
---
 share/www/script/jquery.couch.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/share/www/script/jquery.couch.js b/share/www/script/jquery.couch.js
index ffbad34303d..21b151e8774 100644
--- a/share/www/script/jquery.couch.js
+++ b/share/www/script/jquery.couch.js
@@ -734,6 +734,16 @@
          */
         copyDoc: function(docId, options, ajaxOptions) {
           ajaxOptions = $.extend(ajaxOptions, {
+            beforeSend: function(XMLHttpRequest) {
+              if (!options || !options.docid) {
+                  throw "Target docid required";
+              }
+              var header = options.docid;
+              if (options.rev) {
+                  header += '?rev=' + options.rev
+              }
+              XMLHttpRequest.setRequestHeader("Destination", header);
+            },
             complete: function(req) {
               var resp = $.parseJSON(req.responseText);
               if (req.status == 201) {

From ad2262ae5b4ec5d2c9f8faf2d958019fee63a2f1 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Thu, 30 Oct 2014 14:47:58 +0300
Subject: [PATCH 44/57] Update jQuery UI to 1.9.2

Fixes COUCHDB-1891
---
 share/Makefile.am                             |  2 +-
 share/www/replicator.html                     |  2 +-
 .../www/script/jquery-ui-1.8.11.custom.min.js | 81 -------------------
 .../www/script/jquery-ui-1.9.2.custom.min.js  |  6 ++
 4 files changed, 8 insertions(+), 83 deletions(-)
 delete mode 100644 share/www/script/jquery-ui-1.8.11.custom.min.js
 create mode 100644 share/www/script/jquery-ui-1.9.2.custom.min.js

diff --git a/share/Makefile.am b/share/Makefile.am
index 84b91cb9a58..49723394f14 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -142,7 +142,7 @@ nobase_dist_localdata_DATA = \
     www/script/jquery.editinline.js \
     www/script/jquery.form.js \
     www/script/jquery.js \
-    www/script/jquery-ui-1.8.11.custom.min.js \
+    www/script/jquery-ui-1.9.2.custom.min.js \
     www/script/jquery.resizer.js \
     www/script/jquery.suggest.js \
     www/script/json2.js \
diff --git a/share/www/replicator.html b/share/www/replicator.html
index eb6ecc07661..132dde18d7c 100644
--- a/share/www/replicator.html
+++ b/share/www/replicator.html
@@ -25,7 +25,7 @@
     <script src="script/jquery.couch.js"></script>
     <script src="script/jquery.dialog.js"></script>
     <script src="script/futon.js"></script>
-    <script src="script/jquery-ui-1.8.11.custom.min.js"></script>
+    <script src="script/jquery-ui-1.9.2.custom.min.js"></script>
     <script>
       $(document).ready(function() {
         var allDatabases;
diff --git a/share/www/script/jquery-ui-1.8.11.custom.min.js b/share/www/script/jquery-ui-1.8.11.custom.min.js
deleted file mode 100644
index 45b927e0316..00000000000
--- a/share/www/script/jquery-ui-1.8.11.custom.min.js
+++ /dev/null
@@ -1,81 +0,0 @@
-/*!
- * jQuery UI 1.8.11
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI
- */
-(function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.11",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,
-NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}});c.fn.extend({_focus:c.fn.focus,focus:function(a,b){return typeof a==="number"?this.each(function(){var d=this;setTimeout(function(){c(d).focus();b&&b.call(d)},a)}):this._focus.apply(this,arguments)},scrollParent:function(){var a;a=c.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.test(this.css("position"))?this.parents().filter(function(){return/(relative|absolute|fixed)/.test(c.curCSS(this,
-"position",1))&&/(auto|scroll)/.test(c.curCSS(this,"overflow",1)+c.curCSS(this,"overflow-y",1)+c.curCSS(this,"overflow-x",1))}).eq(0):this.parents().filter(function(){return/(auto|scroll)/.test(c.curCSS(this,"overflow",1)+c.curCSS(this,"overflow-y",1)+c.curCSS(this,"overflow-x",1))}).eq(0);return/fixed/.test(this.css("position"))||!a.length?c(document):a},zIndex:function(a){if(a!==j)return this.css("zIndex",a);if(this.length){a=c(this[0]);for(var b;a.length&&a[0]!==document;){b=a.css("position");
-if(b==="absolute"||b==="relative"||b==="fixed"){b=parseInt(a.css("zIndex"),10);if(!isNaN(b)&&b!==0)return b}a=a.parent()}}return 0},disableSelection:function(){return this.bind((c.support.selectstart?"selectstart":"mousedown")+".ui-disableSelection",function(a){a.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}});c.each(["Width","Height"],function(a,b){function d(f,g,l,m){c.each(e,function(){g-=parseFloat(c.curCSS(f,"padding"+this,true))||0;if(l)g-=parseFloat(c.curCSS(f,
-"border"+this+"Width",true))||0;if(m)g-=parseFloat(c.curCSS(f,"margin"+this,true))||0});return g}var e=b==="Width"?["Left","Right"]:["Top","Bottom"],h=b.toLowerCase(),i={innerWidth:c.fn.innerWidth,innerHeight:c.fn.innerHeight,outerWidth:c.fn.outerWidth,outerHeight:c.fn.outerHeight};c.fn["inner"+b]=function(f){if(f===j)return i["inner"+b].call(this);return this.each(function(){c(this).css(h,d(this,f)+"px")})};c.fn["outer"+b]=function(f,g){if(typeof f!=="number")return i["outer"+b].call(this,f);return this.each(function(){c(this).css(h,
-d(this,f,true,g)+"px")})}});c.extend(c.expr[":"],{data:function(a,b,d){return!!c.data(a,d[3])},focusable:function(a){var b=a.nodeName.toLowerCase(),d=c.attr(a,"tabindex");if("area"===b){b=a.parentNode;d=b.name;if(!a.href||!d||b.nodeName.toLowerCase()!=="map")return false;a=c("img[usemap=#"+d+"]")[0];return!!a&&k(a)}return(/input|select|textarea|button|object/.test(b)?!a.disabled:"a"==b?a.href||!isNaN(d):!isNaN(d))&&k(a)},tabbable:function(a){var b=c.attr(a,"tabindex");return(isNaN(b)||b>=0)&&c(a).is(":focusable")}});
-c(function(){var a=document.body,b=a.appendChild(b=document.createElement("div"));c.extend(b.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:0});c.support.minHeight=b.offsetHeight===100;c.support.selectstart="onselectstart"in b;a.removeChild(b).style.display="none"});c.extend(c.ui,{plugin:{add:function(a,b,d){a=c.ui[a].prototype;for(var e in d){a.plugins[e]=a.plugins[e]||[];a.plugins[e].push([b,d[e]])}},call:function(a,b,d){if((b=a.plugins[b])&&a.element[0].parentNode)for(var e=0;e<b.length;e++)a.options[b[e][0]]&&
-b[e][1].apply(a.element,d)}},contains:function(a,b){return document.compareDocumentPosition?a.compareDocumentPosition(b)&16:a!==b&&a.contains(b)},hasScroll:function(a,b){if(c(a).css("overflow")==="hidden")return false;b=b&&b==="left"?"scrollLeft":"scrollTop";var d=false;if(a[b]>0)return true;a[b]=1;d=a[b]>0;a[b]=0;return d},isOverAxis:function(a,b,d){return a>b&&a<b+d},isOver:function(a,b,d,e,h,i){return c.ui.isOverAxis(a,d,h)&&c.ui.isOverAxis(b,e,i)}})}})(jQuery);
-;/*!
- * jQuery UI Widget 1.8.11
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Widget
- */
-(function(b,j){if(b.cleanData){var k=b.cleanData;b.cleanData=function(a){for(var c=0,d;(d=a[c])!=null;c++)b(d).triggerHandler("remove");k(a)}}else{var l=b.fn.remove;b.fn.remove=function(a,c){return this.each(function(){if(!c)if(!a||b.filter(a,[this]).length)b("*",this).add([this]).each(function(){b(this).triggerHandler("remove")});return l.call(b(this),a,c)})}}b.widget=function(a,c,d){var e=a.split(".")[0],f;a=a.split(".")[1];f=e+"-"+a;if(!d){d=c;c=b.Widget}b.expr[":"][f]=function(h){return!!b.data(h,
-a)};b[e]=b[e]||{};b[e][a]=function(h,g){arguments.length&&this._createWidget(h,g)};c=new c;c.options=b.extend(true,{},c.options);b[e][a].prototype=b.extend(true,c,{namespace:e,widgetName:a,widgetEventPrefix:b[e][a].prototype.widgetEventPrefix||a,widgetBaseClass:f},d);b.widget.bridge(a,b[e][a])};b.widget.bridge=function(a,c){b.fn[a]=function(d){var e=typeof d==="string",f=Array.prototype.slice.call(arguments,1),h=this;d=!e&&f.length?b.extend.apply(null,[true,d].concat(f)):d;if(e&&d.charAt(0)==="_")return h;
-e?this.each(function(){var g=b.data(this,a),i=g&&b.isFunction(g[d])?g[d].apply(g,f):g;if(i!==g&&i!==j){h=i;return false}}):this.each(function(){var g=b.data(this,a);g?g.option(d||{})._init():b.data(this,a,new c(d,this))});return h}};b.Widget=function(a,c){arguments.length&&this._createWidget(a,c)};b.Widget.prototype={widgetName:"widget",widgetEventPrefix:"",options:{disabled:false},_createWidget:function(a,c){b.data(c,this.widgetName,this);this.element=b(c);this.options=b.extend(true,{},this.options,
-this._getCreateOptions(),a);var d=this;this.element.bind("remove."+this.widgetName,function(){d.destroy()});this._create();this._trigger("create");this._init()},_getCreateOptions:function(){return b.metadata&&b.metadata.get(this.element[0])[this.widgetName]},_create:function(){},_init:function(){},destroy:function(){this.element.unbind("."+this.widgetName).removeData(this.widgetName);this.widget().unbind("."+this.widgetName).removeAttr("aria-disabled").removeClass(this.widgetBaseClass+"-disabled ui-state-disabled")},
-widget:function(){return this.element},option:function(a,c){var d=a;if(arguments.length===0)return b.extend({},this.options);if(typeof a==="string"){if(c===j)return this.options[a];d={};d[a]=c}this._setOptions(d);return this},_setOptions:function(a){var c=this;b.each(a,function(d,e){c._setOption(d,e)});return this},_setOption:function(a,c){this.options[a]=c;if(a==="disabled")this.widget()[c?"addClass":"removeClass"](this.widgetBaseClass+"-disabled ui-state-disabled").attr("aria-disabled",c);return this},
-enable:function(){return this._setOption("disabled",false)},disable:function(){return this._setOption("disabled",true)},_trigger:function(a,c,d){var e=this.options[a];c=b.Event(c);c.type=(a===this.widgetEventPrefix?a:this.widgetEventPrefix+a).toLowerCase();d=d||{};if(c.originalEvent){a=b.event.props.length;for(var f;a;){f=b.event.props[--a];c[f]=c.originalEvent[f]}}this.element.trigger(c,d);return!(b.isFunction(e)&&e.call(this.element[0],c,d)===false||c.isDefaultPrevented())}}})(jQuery);
-;/*
- * jQuery UI Position 1.8.11
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Position
- */
-(function(c){c.ui=c.ui||{};var n=/left|center|right/,o=/top|center|bottom/,t=c.fn.position,u=c.fn.offset;c.fn.position=function(b){if(!b||!b.of)return t.apply(this,arguments);b=c.extend({},b);var a=c(b.of),d=a[0],g=(b.collision||"flip").split(" "),e=b.offset?b.offset.split(" "):[0,0],h,k,j;if(d.nodeType===9){h=a.width();k=a.height();j={top:0,left:0}}else if(d.setTimeout){h=a.width();k=a.height();j={top:a.scrollTop(),left:a.scrollLeft()}}else if(d.preventDefault){b.at="left top";h=k=0;j={top:b.of.pageY,
-left:b.of.pageX}}else{h=a.outerWidth();k=a.outerHeight();j=a.offset()}c.each(["my","at"],function(){var f=(b[this]||"").split(" ");if(f.length===1)f=n.test(f[0])?f.concat(["center"]):o.test(f[0])?["center"].concat(f):["center","center"];f[0]=n.test(f[0])?f[0]:"center";f[1]=o.test(f[1])?f[1]:"center";b[this]=f});if(g.length===1)g[1]=g[0];e[0]=parseInt(e[0],10)||0;if(e.length===1)e[1]=e[0];e[1]=parseInt(e[1],10)||0;if(b.at[0]==="right")j.left+=h;else if(b.at[0]==="center")j.left+=h/2;if(b.at[1]==="bottom")j.top+=
-k;else if(b.at[1]==="center")j.top+=k/2;j.left+=e[0];j.top+=e[1];return this.each(function(){var f=c(this),l=f.outerWidth(),m=f.outerHeight(),p=parseInt(c.curCSS(this,"marginLeft",true))||0,q=parseInt(c.curCSS(this,"marginTop",true))||0,v=l+p+(parseInt(c.curCSS(this,"marginRight",true))||0),w=m+q+(parseInt(c.curCSS(this,"marginBottom",true))||0),i=c.extend({},j),r;if(b.my[0]==="right")i.left-=l;else if(b.my[0]==="center")i.left-=l/2;if(b.my[1]==="bottom")i.top-=m;else if(b.my[1]==="center")i.top-=
-m/2;i.left=Math.round(i.left);i.top=Math.round(i.top);r={left:i.left-p,top:i.top-q};c.each(["left","top"],function(s,x){c.ui.position[g[s]]&&c.ui.position[g[s]][x](i,{targetWidth:h,targetHeight:k,elemWidth:l,elemHeight:m,collisionPosition:r,collisionWidth:v,collisionHeight:w,offset:e,my:b.my,at:b.at})});c.fn.bgiframe&&f.bgiframe();f.offset(c.extend(i,{using:b.using}))})};c.ui.position={fit:{left:function(b,a){var d=c(window);d=a.collisionPosition.left+a.collisionWidth-d.width()-d.scrollLeft();b.left=
-d>0?b.left-d:Math.max(b.left-a.collisionPosition.left,b.left)},top:function(b,a){var d=c(window);d=a.collisionPosition.top+a.collisionHeight-d.height()-d.scrollTop();b.top=d>0?b.top-d:Math.max(b.top-a.collisionPosition.top,b.top)}},flip:{left:function(b,a){if(a.at[0]!=="center"){var d=c(window);d=a.collisionPosition.left+a.collisionWidth-d.width()-d.scrollLeft();var g=a.my[0]==="left"?-a.elemWidth:a.my[0]==="right"?a.elemWidth:0,e=a.at[0]==="left"?a.targetWidth:-a.targetWidth,h=-2*a.offset[0];b.left+=
-a.collisionPosition.left<0?g+e+h:d>0?g+e+h:0}},top:function(b,a){if(a.at[1]!=="center"){var d=c(window);d=a.collisionPosition.top+a.collisionHeight-d.height()-d.scrollTop();var g=a.my[1]==="top"?-a.elemHeight:a.my[1]==="bottom"?a.elemHeight:0,e=a.at[1]==="top"?a.targetHeight:-a.targetHeight,h=-2*a.offset[1];b.top+=a.collisionPosition.top<0?g+e+h:d>0?g+e+h:0}}}};if(!c.offset.setOffset){c.offset.setOffset=function(b,a){if(/static/.test(c.curCSS(b,"position")))b.style.position="relative";var d=c(b),
-g=d.offset(),e=parseInt(c.curCSS(b,"top",true),10)||0,h=parseInt(c.curCSS(b,"left",true),10)||0;g={top:a.top-g.top+e,left:a.left-g.left+h};"using"in a?a.using.call(b,g):d.css(g)};c.fn.offset=function(b){var a=this[0];if(!a||!a.ownerDocument)return null;if(b)return this.each(function(){c.offset.setOffset(this,b)});return u.call(this)}}})(jQuery);
-;/*
- * jQuery UI Autocomplete 1.8.11
- *
- * Copyright 2011, AUTHORS.txt (http://jqueryui.com/about)
- * Dual licensed under the MIT or GPL Version 2 licenses.
- * http://jquery.org/license
- *
- * http://docs.jquery.com/UI/Autocomplete
- *
- * Depends:
- *	jquery.ui.core.js
- *	jquery.ui.widget.js
- *	jquery.ui.position.js
- */
-(function(d){var e=0;d.widget("ui.autocomplete",{options:{appendTo:"body",autoFocus:false,delay:300,minLength:1,position:{my:"left top",at:"left bottom",collision:"none"},source:null},pending:0,_create:function(){var a=this,b=this.element[0].ownerDocument,g;this.element.addClass("ui-autocomplete-input").attr("autocomplete","off").attr({role:"textbox","aria-autocomplete":"list","aria-haspopup":"true"}).bind("keydown.autocomplete",function(c){if(!(a.options.disabled||a.element.attr("readonly"))){g=
-false;var f=d.ui.keyCode;switch(c.keyCode){case f.PAGE_UP:a._move("previousPage",c);break;case f.PAGE_DOWN:a._move("nextPage",c);break;case f.UP:a._move("previous",c);c.preventDefault();break;case f.DOWN:a._move("next",c);c.preventDefault();break;case f.ENTER:case f.NUMPAD_ENTER:if(a.menu.active){g=true;c.preventDefault()}case f.TAB:if(!a.menu.active)return;a.menu.select(c);break;case f.ESCAPE:a.element.val(a.term);a.close(c);break;default:clearTimeout(a.searching);a.searching=setTimeout(function(){if(a.term!=
-a.element.val()){a.selectedItem=null;a.search(null,c)}},a.options.delay);break}}}).bind("keypress.autocomplete",function(c){if(g){g=false;c.preventDefault()}}).bind("focus.autocomplete",function(){if(!a.options.disabled){a.selectedItem=null;a.previous=a.element.val()}}).bind("blur.autocomplete",function(c){if(!a.options.disabled){clearTimeout(a.searching);a.closing=setTimeout(function(){a.close(c);a._change(c)},150)}});this._initSource();this.response=function(){return a._response.apply(a,arguments)};
-this.menu=d("<ul></ul>").addClass("ui-autocomplete").appendTo(d(this.options.appendTo||"body",b)[0]).mousedown(function(c){var f=a.menu.element[0];d(c.target).closest(".ui-menu-item").length||setTimeout(function(){d(document).one("mousedown",function(h){h.target!==a.element[0]&&h.target!==f&&!d.ui.contains(f,h.target)&&a.close()})},1);setTimeout(function(){clearTimeout(a.closing)},13)}).menu({focus:function(c,f){f=f.item.data("item.autocomplete");false!==a._trigger("focus",c,{item:f})&&/^key/.test(c.originalEvent.type)&&
-a.element.val(f.value)},selected:function(c,f){var h=f.item.data("item.autocomplete"),i=a.previous;if(a.element[0]!==b.activeElement){a.element.focus();a.previous=i;setTimeout(function(){a.previous=i;a.selectedItem=h},1)}false!==a._trigger("select",c,{item:h})&&a.element.val(h.value);a.term=a.element.val();a.close(c);a.selectedItem=h},blur:function(){a.menu.element.is(":visible")&&a.element.val()!==a.term&&a.element.val(a.term)}}).zIndex(this.element.zIndex()+1).css({top:0,left:0}).hide().data("menu");
-d.fn.bgiframe&&this.menu.element.bgiframe()},destroy:function(){this.element.removeClass("ui-autocomplete-input").removeAttr("autocomplete").removeAttr("role").removeAttr("aria-autocomplete").removeAttr("aria-haspopup");this.menu.element.remove();d.Widget.prototype.destroy.call(this)},_setOption:function(a,b){d.Widget.prototype._setOption.apply(this,arguments);a==="source"&&this._initSource();if(a==="appendTo")this.menu.element.appendTo(d(b||"body",this.element[0].ownerDocument)[0]);a==="disabled"&&
-b&&this.xhr&&this.xhr.abort()},_initSource:function(){var a=this,b,g;if(d.isArray(this.options.source)){b=this.options.source;this.source=function(c,f){f(d.ui.autocomplete.filter(b,c.term))}}else if(typeof this.options.source==="string"){g=this.options.source;this.source=function(c,f){a.xhr&&a.xhr.abort();a.xhr=d.ajax({url:g,data:c,dataType:"json",autocompleteRequest:++e,success:function(h){this.autocompleteRequest===e&&f(h)},error:function(){this.autocompleteRequest===e&&f([])}})}}else this.source=
-this.options.source},search:function(a,b){a=a!=null?a:this.element.val();this.term=this.element.val();if(a.length<this.options.minLength)return this.close(b);clearTimeout(this.closing);if(this._trigger("search",b)!==false)return this._search(a)},_search:function(a){this.pending++;this.element.addClass("ui-autocomplete-loading");this.source({term:a},this.response)},_response:function(a){if(!this.options.disabled&&a&&a.length){a=this._normalize(a);this._suggest(a);this._trigger("open")}else this.close();
-this.pending--;this.pending||this.element.removeClass("ui-autocomplete-loading")},close:function(a){clearTimeout(this.closing);if(this.menu.element.is(":visible")){this.menu.element.hide();this.menu.deactivate();this._trigger("close",a)}},_change:function(a){this.previous!==this.element.val()&&this._trigger("change",a,{item:this.selectedItem})},_normalize:function(a){if(a.length&&a[0].label&&a[0].value)return a;return d.map(a,function(b){if(typeof b==="string")return{label:b,value:b};return d.extend({label:b.label||
-b.value,value:b.value||b.label},b)})},_suggest:function(a){var b=this.menu.element.empty().zIndex(this.element.zIndex()+1);this._renderMenu(b,a);this.menu.deactivate();this.menu.refresh();b.show();this._resizeMenu();b.position(d.extend({of:this.element},this.options.position));this.options.autoFocus&&this.menu.next(new d.Event("mouseover"))},_resizeMenu:function(){var a=this.menu.element;a.outerWidth(Math.max(a.width("").outerWidth(),this.element.outerWidth()))},_renderMenu:function(a,b){var g=this;
-d.each(b,function(c,f){g._renderItem(a,f)})},_renderItem:function(a,b){return d("<li></li>").data("item.autocomplete",b).append(d("<a></a>").text(b.label)).appendTo(a)},_move:function(a,b){if(this.menu.element.is(":visible"))if(this.menu.first()&&/^previous/.test(a)||this.menu.last()&&/^next/.test(a)){this.element.val(this.term);this.menu.deactivate()}else this.menu[a](b);else this.search(null,b)},widget:function(){return this.menu.element}});d.extend(d.ui.autocomplete,{escapeRegex:function(a){return a.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,
-"\\$&")},filter:function(a,b){var g=new RegExp(d.ui.autocomplete.escapeRegex(b),"i");return d.grep(a,function(c){return g.test(c.label||c.value||c)})}})})(jQuery);
-(function(d){d.widget("ui.menu",{_create:function(){var e=this;this.element.addClass("ui-menu ui-widget ui-widget-content ui-corner-all").attr({role:"listbox","aria-activedescendant":"ui-active-menuitem"}).click(function(a){if(d(a.target).closest(".ui-menu-item a").length){a.preventDefault();e.select(a)}});this.refresh()},refresh:function(){var e=this;this.element.children("li:not(.ui-menu-item):has(a)").addClass("ui-menu-item").attr("role","menuitem").children("a").addClass("ui-corner-all").attr("tabindex",
--1).mouseenter(function(a){e.activate(a,d(this).parent())}).mouseleave(function(){e.deactivate()})},activate:function(e,a){this.deactivate();if(this.hasScroll()){var b=a.offset().top-this.element.offset().top,g=this.element.attr("scrollTop"),c=this.element.height();if(b<0)this.element.attr("scrollTop",g+b);else b>=c&&this.element.attr("scrollTop",g+b-c+a.height())}this.active=a.eq(0).children("a").addClass("ui-state-hover").attr("id","ui-active-menuitem").end();this._trigger("focus",e,{item:a})},
-deactivate:function(){if(this.active){this.active.children("a").removeClass("ui-state-hover").removeAttr("id");this._trigger("blur");this.active=null}},next:function(e){this.move("next",".ui-menu-item:first",e)},previous:function(e){this.move("prev",".ui-menu-item:last",e)},first:function(){return this.active&&!this.active.prevAll(".ui-menu-item").length},last:function(){return this.active&&!this.active.nextAll(".ui-menu-item").length},move:function(e,a,b){if(this.active){e=this.active[e+"All"](".ui-menu-item").eq(0);
-e.length?this.activate(b,e):this.activate(b,this.element.children(a))}else this.activate(b,this.element.children(a))},nextPage:function(e){if(this.hasScroll())if(!this.active||this.last())this.activate(e,this.element.children(".ui-menu-item:first"));else{var a=this.active.offset().top,b=this.element.height(),g=this.element.children(".ui-menu-item").filter(function(){var c=d(this).offset().top-a-b+d(this).height();return c<10&&c>-10});g.length||(g=this.element.children(".ui-menu-item:last"));this.activate(e,
-g)}else this.activate(e,this.element.children(".ui-menu-item").filter(!this.active||this.last()?":first":":last"))},previousPage:function(e){if(this.hasScroll())if(!this.active||this.first())this.activate(e,this.element.children(".ui-menu-item:last"));else{var a=this.active.offset().top,b=this.element.height();result=this.element.children(".ui-menu-item").filter(function(){var g=d(this).offset().top-a+b-d(this).height();return g<10&&g>-10});result.length||(result=this.element.children(".ui-menu-item:first"));
-this.activate(e,result)}else this.activate(e,this.element.children(".ui-menu-item").filter(!this.active||this.first()?":last":":first"))},hasScroll:function(){return this.element.height()<this.element.attr("scrollHeight")},select:function(e){this._trigger("selected",e,{item:this.active})}})})(jQuery);
-;
\ No newline at end of file
diff --git a/share/www/script/jquery-ui-1.9.2.custom.min.js b/share/www/script/jquery-ui-1.9.2.custom.min.js
new file mode 100644
index 00000000000..4ae74745a00
--- /dev/null
+++ b/share/www/script/jquery-ui-1.9.2.custom.min.js
@@ -0,0 +1,6 @@
+/*! jQuery UI - v1.9.2 - 2014-10-30
+* http://jqueryui.com
+* Includes: jquery.ui.core.js, jquery.ui.widget.js, jquery.ui.position.js, jquery.ui.autocomplete.js, jquery.ui.menu.js
+* Copyright 2014 jQuery Foundation and other contributors; Licensed MIT */
+
+(function(e,t){function i(t,i){var n,a,o,r=t.nodeName.toLowerCase();return"area"===r?(n=t.parentNode,a=n.name,t.href&&a&&"map"===n.nodeName.toLowerCase()?(o=e("img[usemap=#"+a+"]")[0],!!o&&s(o)):!1):(/input|select|textarea|button|object/.test(r)?!t.disabled:"a"===r?t.href||i:i)&&s(t)}function s(t){return e.expr.filters.visible(t)&&!e(t).parents().andSelf().filter(function(){return"hidden"===e.css(this,"visibility")}).length}var n=0,a=/^ui-id-\d+$/;e.ui=e.ui||{},e.ui.version||(e.extend(e.ui,{version:"1.9.2",keyCode:{BACKSPACE:8,COMMA:188,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,LEFT:37,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SPACE:32,TAB:9,UP:38}}),e.fn.extend({_focus:e.fn.focus,focus:function(t,i){return"number"==typeof t?this.each(function(){var s=this;setTimeout(function(){e(s).focus(),i&&i.call(s)},t)}):this._focus.apply(this,arguments)},scrollParent:function(){var t;return t=e.ui.ie&&/(static|relative)/.test(this.css("position"))||/absolute/.test(this.css("position"))?this.parents().filter(function(){return/(relative|absolute|fixed)/.test(e.css(this,"position"))&&/(auto|scroll)/.test(e.css(this,"overflow")+e.css(this,"overflow-y")+e.css(this,"overflow-x"))}).eq(0):this.parents().filter(function(){return/(auto|scroll)/.test(e.css(this,"overflow")+e.css(this,"overflow-y")+e.css(this,"overflow-x"))}).eq(0),/fixed/.test(this.css("position"))||!t.length?e(document):t},zIndex:function(i){if(i!==t)return this.css("zIndex",i);if(this.length)for(var s,n,a=e(this[0]);a.length&&a[0]!==document;){if(s=a.css("position"),("absolute"===s||"relative"===s||"fixed"===s)&&(n=parseInt(a.css("zIndex"),10),!isNaN(n)&&0!==n))return n;a=a.parent()}return 0},uniqueId:function(){return this.each(function(){this.id||(this.id="ui-id-"+ ++n)})},removeUniqueId:function(){return this.each(function(){a.test(this.id)&&e(this).removeAttr("id")})}}),e.extend(e.expr[":"],{data:e.expr.createPseudo?e.expr.createPseudo(function(t){return function(i){return!!e.data(i,t)}}):function(t,i,s){return!!e.data(t,s[3])},focusable:function(t){return i(t,!isNaN(e.attr(t,"tabindex")))},tabbable:function(t){var s=e.attr(t,"tabindex"),n=isNaN(s);return(n||s>=0)&&i(t,!n)}}),e(function(){var t=document.body,i=t.appendChild(i=document.createElement("div"));i.offsetHeight,e.extend(i.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:0}),e.support.minHeight=100===i.offsetHeight,e.support.selectstart="onselectstart"in i,t.removeChild(i).style.display="none"}),e("<a>").outerWidth(1).jquery||e.each(["Width","Height"],function(i,s){function n(t,i,s,n){return e.each(a,function(){i-=parseFloat(e.css(t,"padding"+this))||0,s&&(i-=parseFloat(e.css(t,"border"+this+"Width"))||0),n&&(i-=parseFloat(e.css(t,"margin"+this))||0)}),i}var a="Width"===s?["Left","Right"]:["Top","Bottom"],o=s.toLowerCase(),r={innerWidth:e.fn.innerWidth,innerHeight:e.fn.innerHeight,outerWidth:e.fn.outerWidth,outerHeight:e.fn.outerHeight};e.fn["inner"+s]=function(i){return i===t?r["inner"+s].call(this):this.each(function(){e(this).css(o,n(this,i)+"px")})},e.fn["outer"+s]=function(t,i){return"number"!=typeof t?r["outer"+s].call(this,t):this.each(function(){e(this).css(o,n(this,t,!0,i)+"px")})}}),e("<a>").data("a-b","a").removeData("a-b").data("a-b")&&(e.fn.removeData=function(t){return function(i){return arguments.length?t.call(this,e.camelCase(i)):t.call(this)}}(e.fn.removeData)),function(){var t=/msie ([\w.]+)/.exec(navigator.userAgent.toLowerCase())||[];e.ui.ie=t.length?!0:!1,e.ui.ie6=6===parseFloat(t[1],10)}(),e.fn.extend({disableSelection:function(){return this.bind((e.support.selectstart?"selectstart":"mousedown")+".ui-disableSelection",function(e){e.preventDefault()})},enableSelection:function(){return this.unbind(".ui-disableSelection")}}),e.extend(e.ui,{plugin:{add:function(t,i,s){var n,a=e.ui[t].prototype;for(n in s)a.plugins[n]=a.plugins[n]||[],a.plugins[n].push([i,s[n]])},call:function(e,t,i){var s,n=e.plugins[t];if(n&&e.element[0].parentNode&&11!==e.element[0].parentNode.nodeType)for(s=0;n.length>s;s++)e.options[n[s][0]]&&n[s][1].apply(e.element,i)}},contains:e.contains,hasScroll:function(t,i){if("hidden"===e(t).css("overflow"))return!1;var s=i&&"left"===i?"scrollLeft":"scrollTop",n=!1;return t[s]>0?!0:(t[s]=1,n=t[s]>0,t[s]=0,n)},isOverAxis:function(e,t,i){return e>t&&t+i>e},isOver:function(t,i,s,n,a,o){return e.ui.isOverAxis(t,s,a)&&e.ui.isOverAxis(i,n,o)}}))})(jQuery);(function(e,t){var i=0,s=Array.prototype.slice,n=e.cleanData;e.cleanData=function(t){for(var i,s=0;null!=(i=t[s]);s++)try{e(i).triggerHandler("remove")}catch(a){}n(t)},e.widget=function(i,s,n){var a,o,r,h,l=i.split(".")[0];i=i.split(".")[1],a=l+"-"+i,n||(n=s,s=e.Widget),e.expr[":"][a.toLowerCase()]=function(t){return!!e.data(t,a)},e[l]=e[l]||{},o=e[l][i],r=e[l][i]=function(e,i){return this._createWidget?(arguments.length&&this._createWidget(e,i),t):new r(e,i)},e.extend(r,o,{version:n.version,_proto:e.extend({},n),_childConstructors:[]}),h=new s,h.options=e.widget.extend({},h.options),e.each(n,function(t,i){e.isFunction(i)&&(n[t]=function(){var e=function(){return s.prototype[t].apply(this,arguments)},n=function(e){return s.prototype[t].apply(this,e)};return function(){var t,s=this._super,a=this._superApply;return this._super=e,this._superApply=n,t=i.apply(this,arguments),this._super=s,this._superApply=a,t}}())}),r.prototype=e.widget.extend(h,{widgetEventPrefix:o?h.widgetEventPrefix:i},n,{constructor:r,namespace:l,widgetName:i,widgetBaseClass:a,widgetFullName:a}),o?(e.each(o._childConstructors,function(t,i){var s=i.prototype;e.widget(s.namespace+"."+s.widgetName,r,i._proto)}),delete o._childConstructors):s._childConstructors.push(r),e.widget.bridge(i,r)},e.widget.extend=function(i){for(var n,a,o=s.call(arguments,1),r=0,h=o.length;h>r;r++)for(n in o[r])a=o[r][n],o[r].hasOwnProperty(n)&&a!==t&&(i[n]=e.isPlainObject(a)?e.isPlainObject(i[n])?e.widget.extend({},i[n],a):e.widget.extend({},a):a);return i},e.widget.bridge=function(i,n){var a=n.prototype.widgetFullName||i;e.fn[i]=function(o){var r="string"==typeof o,h=s.call(arguments,1),l=this;return o=!r&&h.length?e.widget.extend.apply(null,[o].concat(h)):o,r?this.each(function(){var s,n=e.data(this,a);return n?e.isFunction(n[o])&&"_"!==o.charAt(0)?(s=n[o].apply(n,h),s!==n&&s!==t?(l=s&&s.jquery?l.pushStack(s.get()):s,!1):t):e.error("no such method '"+o+"' for "+i+" widget instance"):e.error("cannot call methods on "+i+" prior to initialization; "+"attempted to call method '"+o+"'")}):this.each(function(){var t=e.data(this,a);t?t.option(o||{})._init():e.data(this,a,new n(o,this))}),l}},e.Widget=function(){},e.Widget._childConstructors=[],e.Widget.prototype={widgetName:"widget",widgetEventPrefix:"",defaultElement:"<div>",options:{disabled:!1,create:null},_createWidget:function(t,s){s=e(s||this.defaultElement||this)[0],this.element=e(s),this.uuid=i++,this.eventNamespace="."+this.widgetName+this.uuid,this.options=e.widget.extend({},this.options,this._getCreateOptions(),t),this.bindings=e(),this.hoverable=e(),this.focusable=e(),s!==this&&(e.data(s,this.widgetName,this),e.data(s,this.widgetFullName,this),this._on(!0,this.element,{remove:function(e){e.target===s&&this.destroy()}}),this.document=e(s.style?s.ownerDocument:s.document||s),this.window=e(this.document[0].defaultView||this.document[0].parentWindow)),this._create(),this._trigger("create",null,this._getCreateEventData()),this._init()},_getCreateOptions:e.noop,_getCreateEventData:e.noop,_create:e.noop,_init:e.noop,destroy:function(){this._destroy(),this.element.unbind(this.eventNamespace).removeData(this.widgetName).removeData(this.widgetFullName).removeData(e.camelCase(this.widgetFullName)),this.widget().unbind(this.eventNamespace).removeAttr("aria-disabled").removeClass(this.widgetFullName+"-disabled "+"ui-state-disabled"),this.bindings.unbind(this.eventNamespace),this.hoverable.removeClass("ui-state-hover"),this.focusable.removeClass("ui-state-focus")},_destroy:e.noop,widget:function(){return this.element},option:function(i,s){var n,a,o,r=i;if(0===arguments.length)return e.widget.extend({},this.options);if("string"==typeof i)if(r={},n=i.split("."),i=n.shift(),n.length){for(a=r[i]=e.widget.extend({},this.options[i]),o=0;n.length-1>o;o++)a[n[o]]=a[n[o]]||{},a=a[n[o]];if(i=n.pop(),s===t)return a[i]===t?null:a[i];a[i]=s}else{if(s===t)return this.options[i]===t?null:this.options[i];r[i]=s}return this._setOptions(r),this},_setOptions:function(e){var t;for(t in e)this._setOption(t,e[t]);return this},_setOption:function(e,t){return this.options[e]=t,"disabled"===e&&(this.widget().toggleClass(this.widgetFullName+"-disabled ui-state-disabled",!!t).attr("aria-disabled",t),this.hoverable.removeClass("ui-state-hover"),this.focusable.removeClass("ui-state-focus")),this},enable:function(){return this._setOption("disabled",!1)},disable:function(){return this._setOption("disabled",!0)},_on:function(i,s,n){var a,o=this;"boolean"!=typeof i&&(n=s,s=i,i=!1),n?(s=a=e(s),this.bindings=this.bindings.add(s)):(n=s,s=this.element,a=this.widget()),e.each(n,function(n,r){function h(){return i||o.options.disabled!==!0&&!e(this).hasClass("ui-state-disabled")?("string"==typeof r?o[r]:r).apply(o,arguments):t}"string"!=typeof r&&(h.guid=r.guid=r.guid||h.guid||e.guid++);var l=n.match(/^(\w+)\s*(.*)$/),u=l[1]+o.eventNamespace,c=l[2];c?a.delegate(c,u,h):s.bind(u,h)})},_off:function(e,t){t=(t||"").split(" ").join(this.eventNamespace+" ")+this.eventNamespace,e.unbind(t).undelegate(t)},_delay:function(e,t){function i(){return("string"==typeof e?s[e]:e).apply(s,arguments)}var s=this;return setTimeout(i,t||0)},_hoverable:function(t){this.hoverable=this.hoverable.add(t),this._on(t,{mouseenter:function(t){e(t.currentTarget).addClass("ui-state-hover")},mouseleave:function(t){e(t.currentTarget).removeClass("ui-state-hover")}})},_focusable:function(t){this.focusable=this.focusable.add(t),this._on(t,{focusin:function(t){e(t.currentTarget).addClass("ui-state-focus")},focusout:function(t){e(t.currentTarget).removeClass("ui-state-focus")}})},_trigger:function(t,i,s){var n,a,o=this.options[t];if(s=s||{},i=e.Event(i),i.type=(t===this.widgetEventPrefix?t:this.widgetEventPrefix+t).toLowerCase(),i.target=this.element[0],a=i.originalEvent)for(n in a)n in i||(i[n]=a[n]);return this.element.trigger(i,s),!(e.isFunction(o)&&o.apply(this.element[0],[i].concat(s))===!1||i.isDefaultPrevented())}},e.each({show:"fadeIn",hide:"fadeOut"},function(t,i){e.Widget.prototype["_"+t]=function(s,n,a){"string"==typeof n&&(n={effect:n});var o,r=n?n===!0||"number"==typeof n?i:n.effect||i:t;n=n||{},"number"==typeof n&&(n={duration:n}),o=!e.isEmptyObject(n),n.complete=a,n.delay&&s.delay(n.delay),o&&e.effects&&(e.effects.effect[r]||e.uiBackCompat!==!1&&e.effects[r])?s[t](n):r!==t&&s[r]?s[r](n.duration,n.easing,a):s.queue(function(i){e(this)[t](),a&&a.call(s[0]),i()})}}),e.uiBackCompat!==!1&&(e.Widget.prototype._getCreateOptions=function(){return e.metadata&&e.metadata.get(this.element[0])[this.widgetName]})})(jQuery);(function(e,t){function i(e,t,i){return[parseInt(e[0],10)*(d.test(e[0])?t/100:1),parseInt(e[1],10)*(d.test(e[1])?i/100:1)]}function s(t,i){return parseInt(e.css(t,i),10)||0}e.ui=e.ui||{};var n,a=Math.max,o=Math.abs,r=Math.round,h=/left|center|right/,l=/top|center|bottom/,u=/[\+\-]\d+%?/,c=/^\w+/,d=/%$/,p=e.fn.position;e.position={scrollbarWidth:function(){if(n!==t)return n;var i,s,a=e("<div style='display:block;width:50px;height:50px;overflow:hidden;'><div style='height:100px;width:auto;'></div></div>"),o=a.children()[0];return e("body").append(a),i=o.offsetWidth,a.css("overflow","scroll"),s=o.offsetWidth,i===s&&(s=a[0].clientWidth),a.remove(),n=i-s},getScrollInfo:function(t){var i=t.isWindow?"":t.element.css("overflow-x"),s=t.isWindow?"":t.element.css("overflow-y"),n="scroll"===i||"auto"===i&&t.width<t.element[0].scrollWidth,a="scroll"===s||"auto"===s&&t.height<t.element[0].scrollHeight;return{width:n?e.position.scrollbarWidth():0,height:a?e.position.scrollbarWidth():0}},getWithinInfo:function(t){var i=e(t||window),s=e.isWindow(i[0]);return{element:i,isWindow:s,offset:i.offset()||{left:0,top:0},scrollLeft:i.scrollLeft(),scrollTop:i.scrollTop(),width:s?i.width():i.outerWidth(),height:s?i.height():i.outerHeight()}}},e.fn.position=function(t){if(!t||!t.of)return p.apply(this,arguments);t=e.extend({},t);var n,d,f,m,g,v=e(t.of),y=e.position.getWithinInfo(t.within),b=e.position.getScrollInfo(y),_=v[0],x=(t.collision||"flip").split(" "),k={};return 9===_.nodeType?(d=v.width(),f=v.height(),m={top:0,left:0}):e.isWindow(_)?(d=v.width(),f=v.height(),m={top:v.scrollTop(),left:v.scrollLeft()}):_.preventDefault?(t.at="left top",d=f=0,m={top:_.pageY,left:_.pageX}):(d=v.outerWidth(),f=v.outerHeight(),m=v.offset()),g=e.extend({},m),e.each(["my","at"],function(){var e,i,s=(t[this]||"").split(" ");1===s.length&&(s=h.test(s[0])?s.concat(["center"]):l.test(s[0])?["center"].concat(s):["center","center"]),s[0]=h.test(s[0])?s[0]:"center",s[1]=l.test(s[1])?s[1]:"center",e=u.exec(s[0]),i=u.exec(s[1]),k[this]=[e?e[0]:0,i?i[0]:0],t[this]=[c.exec(s[0])[0],c.exec(s[1])[0]]}),1===x.length&&(x[1]=x[0]),"right"===t.at[0]?g.left+=d:"center"===t.at[0]&&(g.left+=d/2),"bottom"===t.at[1]?g.top+=f:"center"===t.at[1]&&(g.top+=f/2),n=i(k.at,d,f),g.left+=n[0],g.top+=n[1],this.each(function(){var h,l,u=e(this),c=u.outerWidth(),p=u.outerHeight(),_=s(this,"marginLeft"),w=s(this,"marginTop"),T=c+_+s(this,"marginRight")+b.width,D=p+w+s(this,"marginBottom")+b.height,S=e.extend({},g),M=i(k.my,u.outerWidth(),u.outerHeight());"right"===t.my[0]?S.left-=c:"center"===t.my[0]&&(S.left-=c/2),"bottom"===t.my[1]?S.top-=p:"center"===t.my[1]&&(S.top-=p/2),S.left+=M[0],S.top+=M[1],e.support.offsetFractions||(S.left=r(S.left),S.top=r(S.top)),h={marginLeft:_,marginTop:w},e.each(["left","top"],function(i,s){e.ui.position[x[i]]&&e.ui.position[x[i]][s](S,{targetWidth:d,targetHeight:f,elemWidth:c,elemHeight:p,collisionPosition:h,collisionWidth:T,collisionHeight:D,offset:[n[0]+M[0],n[1]+M[1]],my:t.my,at:t.at,within:y,elem:u})}),e.fn.bgiframe&&u.bgiframe(),t.using&&(l=function(e){var i=m.left-S.left,s=i+d-c,n=m.top-S.top,r=n+f-p,h={target:{element:v,left:m.left,top:m.top,width:d,height:f},element:{element:u,left:S.left,top:S.top,width:c,height:p},horizontal:0>s?"left":i>0?"right":"center",vertical:0>r?"top":n>0?"bottom":"middle"};c>d&&d>o(i+s)&&(h.horizontal="center"),p>f&&f>o(n+r)&&(h.vertical="middle"),h.important=a(o(i),o(s))>a(o(n),o(r))?"horizontal":"vertical",t.using.call(this,e,h)}),u.offset(e.extend(S,{using:l}))})},e.ui.position={fit:{left:function(e,t){var i,s=t.within,n=s.isWindow?s.scrollLeft:s.offset.left,o=s.width,r=e.left-t.collisionPosition.marginLeft,h=n-r,l=r+t.collisionWidth-o-n;t.collisionWidth>o?h>0&&0>=l?(i=e.left+h+t.collisionWidth-o-n,e.left+=h-i):e.left=l>0&&0>=h?n:h>l?n+o-t.collisionWidth:n:h>0?e.left+=h:l>0?e.left-=l:e.left=a(e.left-r,e.left)},top:function(e,t){var i,s=t.within,n=s.isWindow?s.scrollTop:s.offset.top,o=t.within.height,r=e.top-t.collisionPosition.marginTop,h=n-r,l=r+t.collisionHeight-o-n;t.collisionHeight>o?h>0&&0>=l?(i=e.top+h+t.collisionHeight-o-n,e.top+=h-i):e.top=l>0&&0>=h?n:h>l?n+o-t.collisionHeight:n:h>0?e.top+=h:l>0?e.top-=l:e.top=a(e.top-r,e.top)}},flip:{left:function(e,t){var i,s,n=t.within,a=n.offset.left+n.scrollLeft,r=n.width,h=n.isWindow?n.scrollLeft:n.offset.left,l=e.left-t.collisionPosition.marginLeft,u=l-h,c=l+t.collisionWidth-r-h,d="left"===t.my[0]?-t.elemWidth:"right"===t.my[0]?t.elemWidth:0,p="left"===t.at[0]?t.targetWidth:"right"===t.at[0]?-t.targetWidth:0,f=-2*t.offset[0];0>u?(i=e.left+d+p+f+t.collisionWidth-r-a,(0>i||o(u)>i)&&(e.left+=d+p+f)):c>0&&(s=e.left-t.collisionPosition.marginLeft+d+p+f-h,(s>0||c>o(s))&&(e.left+=d+p+f))},top:function(e,t){var i,s,n=t.within,a=n.offset.top+n.scrollTop,r=n.height,h=n.isWindow?n.scrollTop:n.offset.top,l=e.top-t.collisionPosition.marginTop,u=l-h,c=l+t.collisionHeight-r-h,d="top"===t.my[1],p=d?-t.elemHeight:"bottom"===t.my[1]?t.elemHeight:0,f="top"===t.at[1]?t.targetHeight:"bottom"===t.at[1]?-t.targetHeight:0,m=-2*t.offset[1];0>u?(s=e.top+p+f+m+t.collisionHeight-r-a,e.top+p+f+m>u&&(0>s||o(u)>s)&&(e.top+=p+f+m)):c>0&&(i=e.top-t.collisionPosition.marginTop+p+f+m-h,e.top+p+f+m>c&&(i>0||c>o(i))&&(e.top+=p+f+m))}},flipfit:{left:function(){e.ui.position.flip.left.apply(this,arguments),e.ui.position.fit.left.apply(this,arguments)},top:function(){e.ui.position.flip.top.apply(this,arguments),e.ui.position.fit.top.apply(this,arguments)}}},function(){var t,i,s,n,a,o=document.getElementsByTagName("body")[0],r=document.createElement("div");t=document.createElement(o?"div":"body"),s={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},o&&e.extend(s,{position:"absolute",left:"-1000px",top:"-1000px"});for(a in s)t.style[a]=s[a];t.appendChild(r),i=o||document.documentElement,i.insertBefore(t,i.firstChild),r.style.cssText="position: absolute; left: 10.7432222px;",n=e(r).offset().left,e.support.offsetFractions=n>10&&11>n,t.innerHTML="",i.removeChild(t)}(),e.uiBackCompat!==!1&&function(e){var i=e.fn.position;e.fn.position=function(s){if(!s||!s.offset)return i.call(this,s);var n=s.offset.split(" "),a=s.at.split(" ");return 1===n.length&&(n[1]=n[0]),/^\d/.test(n[0])&&(n[0]="+"+n[0]),/^\d/.test(n[1])&&(n[1]="+"+n[1]),1===a.length&&(/left|center|right/.test(a[0])?a[1]="center":(a[1]=a[0],a[0]="center")),i.call(this,e.extend(s,{at:a[0]+n[0]+" "+a[1]+n[1],offset:t}))}}(jQuery)})(jQuery);(function(e){var t=0;e.widget("ui.autocomplete",{version:"1.9.2",defaultElement:"<input>",options:{appendTo:"body",autoFocus:!1,delay:300,minLength:1,position:{my:"left top",at:"left bottom",collision:"none"},source:null,change:null,close:null,focus:null,open:null,response:null,search:null,select:null},pending:0,_create:function(){var t,i,s;this.isMultiLine=this._isMultiLine(),this.valueMethod=this.element[this.element.is("input,textarea")?"val":"text"],this.isNewMenu=!0,this.element.addClass("ui-autocomplete-input").attr("autocomplete","off"),this._on(this.element,{keydown:function(n){if(this.element.prop("readOnly"))return t=!0,s=!0,i=!0,undefined;t=!1,s=!1,i=!1;var a=e.ui.keyCode;switch(n.keyCode){case a.PAGE_UP:t=!0,this._move("previousPage",n);break;case a.PAGE_DOWN:t=!0,this._move("nextPage",n);break;case a.UP:t=!0,this._keyEvent("previous",n);break;case a.DOWN:t=!0,this._keyEvent("next",n);break;case a.ENTER:case a.NUMPAD_ENTER:this.menu.active&&(t=!0,n.preventDefault(),this.menu.select(n));break;case a.TAB:this.menu.active&&this.menu.select(n);break;case a.ESCAPE:this.menu.element.is(":visible")&&(this._value(this.term),this.close(n),n.preventDefault());break;default:i=!0,this._searchTimeout(n)}},keypress:function(s){if(t)return t=!1,s.preventDefault(),undefined;if(!i){var n=e.ui.keyCode;switch(s.keyCode){case n.PAGE_UP:this._move("previousPage",s);break;case n.PAGE_DOWN:this._move("nextPage",s);break;case n.UP:this._keyEvent("previous",s);break;case n.DOWN:this._keyEvent("next",s)}}},input:function(e){return s?(s=!1,e.preventDefault(),undefined):(this._searchTimeout(e),undefined)},focus:function(){this.selectedItem=null,this.previous=this._value()},blur:function(e){return this.cancelBlur?(delete this.cancelBlur,undefined):(clearTimeout(this.searching),this.close(e),this._change(e),undefined)}}),this._initSource(),this.menu=e("<ul>").addClass("ui-autocomplete").appendTo(this.document.find(this.options.appendTo||"body")[0]).menu({input:e(),role:null}).zIndex(this.element.zIndex()+1).hide().data("menu"),this._on(this.menu.element,{mousedown:function(t){t.preventDefault(),this.cancelBlur=!0,this._delay(function(){delete this.cancelBlur});var i=this.menu.element[0];e(t.target).closest(".ui-menu-item").length||this._delay(function(){var t=this;this.document.one("mousedown",function(s){s.target===t.element[0]||s.target===i||e.contains(i,s.target)||t.close()})})},menufocus:function(t,i){if(this.isNewMenu&&(this.isNewMenu=!1,t.originalEvent&&/^mouse/.test(t.originalEvent.type)))return this.menu.blur(),this.document.one("mousemove",function(){e(t.target).trigger(t.originalEvent)}),undefined;var s=i.item.data("ui-autocomplete-item")||i.item.data("item.autocomplete");!1!==this._trigger("focus",t,{item:s})?t.originalEvent&&/^key/.test(t.originalEvent.type)&&this._value(s.value):this.liveRegion.text(s.value)},menuselect:function(e,t){var i=t.item.data("ui-autocomplete-item")||t.item.data("item.autocomplete"),s=this.previous;this.element[0]!==this.document[0].activeElement&&(this.element.focus(),this.previous=s,this._delay(function(){this.previous=s,this.selectedItem=i})),!1!==this._trigger("select",e,{item:i})&&this._value(i.value),this.term=this._value(),this.close(e),this.selectedItem=i}}),this.liveRegion=e("<span>",{role:"status","aria-live":"polite"}).addClass("ui-helper-hidden-accessible").insertAfter(this.element),e.fn.bgiframe&&this.menu.element.bgiframe(),this._on(this.window,{beforeunload:function(){this.element.removeAttr("autocomplete")}})},_destroy:function(){clearTimeout(this.searching),this.element.removeClass("ui-autocomplete-input").removeAttr("autocomplete"),this.menu.element.remove(),this.liveRegion.remove()},_setOption:function(e,t){this._super(e,t),"source"===e&&this._initSource(),"appendTo"===e&&this.menu.element.appendTo(this.document.find(t||"body")[0]),"disabled"===e&&t&&this.xhr&&this.xhr.abort()},_isMultiLine:function(){return this.element.is("textarea")?!0:this.element.is("input")?!1:this.element.prop("isContentEditable")},_initSource:function(){var t,i,s=this;e.isArray(this.options.source)?(t=this.options.source,this.source=function(i,s){s(e.ui.autocomplete.filter(t,i.term))}):"string"==typeof this.options.source?(i=this.options.source,this.source=function(t,n){s.xhr&&s.xhr.abort(),s.xhr=e.ajax({url:i,data:t,dataType:"json",success:function(e){n(e)},error:function(){n([])}})}):this.source=this.options.source},_searchTimeout:function(e){clearTimeout(this.searching),this.searching=this._delay(function(){this.term!==this._value()&&(this.selectedItem=null,this.search(null,e))},this.options.delay)},search:function(e,t){return e=null!=e?e:this._value(),this.term=this._value(),e.length<this.options.minLength?this.close(t):this._trigger("search",t)!==!1?this._search(e):undefined},_search:function(e){this.pending++,this.element.addClass("ui-autocomplete-loading"),this.cancelSearch=!1,this.source({term:e},this._response())},_response:function(){var e=this,i=++t;return function(s){i===t&&e.__response(s),e.pending--,e.pending||e.element.removeClass("ui-autocomplete-loading")}},__response:function(e){e&&(e=this._normalize(e)),this._trigger("response",null,{content:e}),!this.options.disabled&&e&&e.length&&!this.cancelSearch?(this._suggest(e),this._trigger("open")):this._close()},close:function(e){this.cancelSearch=!0,this._close(e)},_close:function(e){this.menu.element.is(":visible")&&(this.menu.element.hide(),this.menu.blur(),this.isNewMenu=!0,this._trigger("close",e))},_change:function(e){this.previous!==this._value()&&this._trigger("change",e,{item:this.selectedItem})},_normalize:function(t){return t.length&&t[0].label&&t[0].value?t:e.map(t,function(t){return"string"==typeof t?{label:t,value:t}:e.extend({label:t.label||t.value,value:t.value||t.label},t)})},_suggest:function(t){var i=this.menu.element.empty().zIndex(this.element.zIndex()+1);this._renderMenu(i,t),this.menu.refresh(),i.show(),this._resizeMenu(),i.position(e.extend({of:this.element},this.options.position)),this.options.autoFocus&&this.menu.next()},_resizeMenu:function(){var e=this.menu.element;e.outerWidth(Math.max(e.width("").outerWidth()+1,this.element.outerWidth()))},_renderMenu:function(t,i){var s=this;e.each(i,function(e,i){s._renderItemData(t,i)})},_renderItemData:function(e,t){return this._renderItem(e,t).data("ui-autocomplete-item",t)},_renderItem:function(t,i){return e("<li>").append(e("<a>").text(i.label)).appendTo(t)},_move:function(e,t){return this.menu.element.is(":visible")?this.menu.isFirstItem()&&/^previous/.test(e)||this.menu.isLastItem()&&/^next/.test(e)?(this._value(this.term),this.menu.blur(),undefined):(this.menu[e](t),undefined):(this.search(null,t),undefined)},widget:function(){return this.menu.element},_value:function(){return this.valueMethod.apply(this.element,arguments)},_keyEvent:function(e,t){(!this.isMultiLine||this.menu.element.is(":visible"))&&(this._move(e,t),t.preventDefault())}}),e.extend(e.ui.autocomplete,{escapeRegex:function(e){return e.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")},filter:function(t,i){var s=RegExp(e.ui.autocomplete.escapeRegex(i),"i");return e.grep(t,function(e){return s.test(e.label||e.value||e)})}}),e.widget("ui.autocomplete",e.ui.autocomplete,{options:{messages:{noResults:"No search results.",results:function(e){return e+(e>1?" results are":" result is")+" available, use up and down arrow keys to navigate."}}},__response:function(e){var t;this._superApply(arguments),this.options.disabled||this.cancelSearch||(t=e&&e.length?this.options.messages.results(e.length):this.options.messages.noResults,this.liveRegion.text(t))}})})(jQuery);(function(e){var t=!1;e.widget("ui.menu",{version:"1.9.2",defaultElement:"<ul>",delay:300,options:{icons:{submenu:"ui-icon-carat-1-e"},menus:"ul",position:{my:"left top",at:"right top"},role:"menu",blur:null,focus:null,select:null},_create:function(){this.activeMenu=this.element,this.element.uniqueId().addClass("ui-menu ui-widget ui-widget-content ui-corner-all").toggleClass("ui-menu-icons",!!this.element.find(".ui-icon").length).attr({role:this.options.role,tabIndex:0}).bind("click"+this.eventNamespace,e.proxy(function(e){this.options.disabled&&e.preventDefault()},this)),this.options.disabled&&this.element.addClass("ui-state-disabled").attr("aria-disabled","true"),this._on({"mousedown .ui-menu-item > a":function(e){e.preventDefault()},"click .ui-state-disabled > a":function(e){e.preventDefault()},"click .ui-menu-item:has(a)":function(i){var s=e(i.target).closest(".ui-menu-item");!t&&s.not(".ui-state-disabled").length&&(t=!0,this.select(i),s.has(".ui-menu").length?this.expand(i):this.element.is(":focus")||(this.element.trigger("focus",[!0]),this.active&&1===this.active.parents(".ui-menu").length&&clearTimeout(this.timer)))},"mouseenter .ui-menu-item":function(t){var i=e(t.currentTarget);i.siblings().children(".ui-state-active").removeClass("ui-state-active"),this.focus(t,i)},mouseleave:"collapseAll","mouseleave .ui-menu":"collapseAll",focus:function(e,t){var i=this.active||this.element.children(".ui-menu-item").eq(0);t||this.focus(e,i)},blur:function(t){this._delay(function(){e.contains(this.element[0],this.document[0].activeElement)||this.collapseAll(t)})},keydown:"_keydown"}),this.refresh(),this._on(this.document,{click:function(i){e(i.target).closest(".ui-menu").length||this.collapseAll(i),t=!1}})},_destroy:function(){this.element.removeAttr("aria-activedescendant").find(".ui-menu").andSelf().removeClass("ui-menu ui-widget ui-widget-content ui-corner-all ui-menu-icons").removeAttr("role").removeAttr("tabIndex").removeAttr("aria-labelledby").removeAttr("aria-expanded").removeAttr("aria-hidden").removeAttr("aria-disabled").removeUniqueId().show(),this.element.find(".ui-menu-item").removeClass("ui-menu-item").removeAttr("role").removeAttr("aria-disabled").children("a").removeUniqueId().removeClass("ui-corner-all ui-state-hover").removeAttr("tabIndex").removeAttr("role").removeAttr("aria-haspopup").children().each(function(){var t=e(this);t.data("ui-menu-submenu-carat")&&t.remove()}),this.element.find(".ui-menu-divider").removeClass("ui-menu-divider ui-widget-content")},_keydown:function(t){function i(e){return e.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}var s,n,a,o,r,h=!0;switch(t.keyCode){case e.ui.keyCode.PAGE_UP:this.previousPage(t);break;case e.ui.keyCode.PAGE_DOWN:this.nextPage(t);break;case e.ui.keyCode.HOME:this._move("first","first",t);break;case e.ui.keyCode.END:this._move("last","last",t);break;case e.ui.keyCode.UP:this.previous(t);break;case e.ui.keyCode.DOWN:this.next(t);break;case e.ui.keyCode.LEFT:this.collapse(t);break;case e.ui.keyCode.RIGHT:this.active&&!this.active.is(".ui-state-disabled")&&this.expand(t);break;case e.ui.keyCode.ENTER:case e.ui.keyCode.SPACE:this._activate(t);break;case e.ui.keyCode.ESCAPE:this.collapse(t);break;default:h=!1,n=this.previousFilter||"",a=String.fromCharCode(t.keyCode),o=!1,clearTimeout(this.filterTimer),a===n?o=!0:a=n+a,r=RegExp("^"+i(a),"i"),s=this.activeMenu.children(".ui-menu-item").filter(function(){return r.test(e(this).children("a").text())}),s=o&&-1!==s.index(this.active.next())?this.active.nextAll(".ui-menu-item"):s,s.length||(a=String.fromCharCode(t.keyCode),r=RegExp("^"+i(a),"i"),s=this.activeMenu.children(".ui-menu-item").filter(function(){return r.test(e(this).children("a").text())})),s.length?(this.focus(t,s),s.length>1?(this.previousFilter=a,this.filterTimer=this._delay(function(){delete this.previousFilter},1e3)):delete this.previousFilter):delete this.previousFilter}h&&t.preventDefault()},_activate:function(e){this.active.is(".ui-state-disabled")||(this.active.children("a[aria-haspopup='true']").length?this.expand(e):this.select(e))},refresh:function(){var t,i=this.options.icons.submenu,s=this.element.find(this.options.menus);s.filter(":not(.ui-menu)").addClass("ui-menu ui-widget ui-widget-content ui-corner-all").hide().attr({role:this.options.role,"aria-hidden":"true","aria-expanded":"false"}).each(function(){var t=e(this),s=t.prev("a"),n=e("<span>").addClass("ui-menu-icon ui-icon "+i).data("ui-menu-submenu-carat",!0);s.attr("aria-haspopup","true").prepend(n),t.attr("aria-labelledby",s.attr("id"))}),t=s.add(this.element),t.children(":not(.ui-menu-item):has(a)").addClass("ui-menu-item").attr("role","presentation").children("a").uniqueId().addClass("ui-corner-all").attr({tabIndex:-1,role:this._itemRole()}),t.children(":not(.ui-menu-item)").each(function(){var t=e(this);/[^\-—–\s]/.test(t.text())||t.addClass("ui-widget-content ui-menu-divider")}),t.children(".ui-state-disabled").attr("aria-disabled","true"),this.active&&!e.contains(this.element[0],this.active[0])&&this.blur()},_itemRole:function(){return{menu:"menuitem",listbox:"option"}[this.options.role]},focus:function(e,t){var i,s;this.blur(e,e&&"focus"===e.type),this._scrollIntoView(t),this.active=t.first(),s=this.active.children("a").addClass("ui-state-focus"),this.options.role&&this.element.attr("aria-activedescendant",s.attr("id")),this.active.parent().closest(".ui-menu-item").children("a:first").addClass("ui-state-active"),e&&"keydown"===e.type?this._close():this.timer=this._delay(function(){this._close()},this.delay),i=t.children(".ui-menu"),i.length&&/^mouse/.test(e.type)&&this._startOpening(i),this.activeMenu=t.parent(),this._trigger("focus",e,{item:t})},_scrollIntoView:function(t){var i,s,n,a,o,r;this._hasScroll()&&(i=parseFloat(e.css(this.activeMenu[0],"borderTopWidth"))||0,s=parseFloat(e.css(this.activeMenu[0],"paddingTop"))||0,n=t.offset().top-this.activeMenu.offset().top-i-s,a=this.activeMenu.scrollTop(),o=this.activeMenu.height(),r=t.height(),0>n?this.activeMenu.scrollTop(a+n):n+r>o&&this.activeMenu.scrollTop(a+n-o+r))},blur:function(e,t){t||clearTimeout(this.timer),this.active&&(this.active.children("a").removeClass("ui-state-focus"),this.active=null,this._trigger("blur",e,{item:this.active}))},_startOpening:function(e){clearTimeout(this.timer),"true"===e.attr("aria-hidden")&&(this.timer=this._delay(function(){this._close(),this._open(e)},this.delay))},_open:function(t){var i=e.extend({of:this.active},this.options.position);clearTimeout(this.timer),this.element.find(".ui-menu").not(t.parents(".ui-menu")).hide().attr("aria-hidden","true"),t.show().removeAttr("aria-hidden").attr("aria-expanded","true").position(i)},collapseAll:function(t,i){clearTimeout(this.timer),this.timer=this._delay(function(){var s=i?this.element:e(t&&t.target).closest(this.element.find(".ui-menu"));s.length||(s=this.element),this._close(s),this.blur(t),this.activeMenu=s},this.delay)},_close:function(e){e||(e=this.active?this.active.parent():this.element),e.find(".ui-menu").hide().attr("aria-hidden","true").attr("aria-expanded","false").end().find("a.ui-state-active").removeClass("ui-state-active")},collapse:function(e){var t=this.active&&this.active.parent().closest(".ui-menu-item",this.element);t&&t.length&&(this._close(),this.focus(e,t))},expand:function(e){var t=this.active&&this.active.children(".ui-menu ").children(".ui-menu-item").first();t&&t.length&&(this._open(t.parent()),this._delay(function(){this.focus(e,t)}))},next:function(e){this._move("next","first",e)},previous:function(e){this._move("prev","last",e)},isFirstItem:function(){return this.active&&!this.active.prevAll(".ui-menu-item").length},isLastItem:function(){return this.active&&!this.active.nextAll(".ui-menu-item").length},_move:function(e,t,i){var s;this.active&&(s="first"===e||"last"===e?this.active["first"===e?"prevAll":"nextAll"](".ui-menu-item").eq(-1):this.active[e+"All"](".ui-menu-item").eq(0)),s&&s.length&&this.active||(s=this.activeMenu.children(".ui-menu-item")[t]()),this.focus(i,s)},nextPage:function(t){var i,s,n;return this.active?(this.isLastItem()||(this._hasScroll()?(s=this.active.offset().top,n=this.element.height(),this.active.nextAll(".ui-menu-item").each(function(){return i=e(this),0>i.offset().top-s-n}),this.focus(t,i)):this.focus(t,this.activeMenu.children(".ui-menu-item")[this.active?"last":"first"]())),undefined):(this.next(t),undefined)},previousPage:function(t){var i,s,n;return this.active?(this.isFirstItem()||(this._hasScroll()?(s=this.active.offset().top,n=this.element.height(),this.active.prevAll(".ui-menu-item").each(function(){return i=e(this),i.offset().top-s+n>0}),this.focus(t,i)):this.focus(t,this.activeMenu.children(".ui-menu-item").first())),undefined):(this.next(t),undefined)},_hasScroll:function(){return this.element.outerHeight()<this.element.prop("scrollHeight")},select:function(t){this.active=this.active||e(t.target).closest(".ui-menu-item");var i={item:this.active};this.active.has(".ui-menu").length||this.collapseAll(t,!0),this._trigger("select",t,i)}})})(jQuery);
\ No newline at end of file

From 704672457bd52e6ce1e01b4c49daa5e36b466582 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Thu, 30 Oct 2014 18:02:31 +0300
Subject: [PATCH 45/57] Futon: support document copying

Based on Patrick Antivackis work. Thanks!

COUCHDB-241
---
 share/Makefile.am                    |   2 ++
 share/www/dialog/_copy_document.html |  29 +++++++++++++++++++++++++
 share/www/document.html              |   2 ++
 share/www/image/copy.png             | Bin 0 -> 780 bytes
 share/www/script/futon.browse.js     |  31 +++++++++++++++++++++++++++
 share/www/style/layout.css           |   3 +++
 6 files changed, 67 insertions(+)
 create mode 100644 share/www/dialog/_copy_document.html
 create mode 100644 share/www/image/copy.png

diff --git a/share/Makefile.am b/share/Makefile.am
index 49723394f14..1598dfff6af 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -59,6 +59,7 @@ nobase_dist_localdata_DATA = \
     www/dialog/_admin_party.html \
     www/dialog/_change_password.html \
     www/dialog/_compact_cleanup.html \
+    www/dialog/_copy_document.html \
     www/dialog/_create_admin.html \
     www/dialog/_login.html \
     www/dialog/_signup.html \
@@ -101,6 +102,7 @@ nobase_dist_localdata_DATA = \
     www/image/bg.png \
     www/image/cancel.gif \
     www/image/compact.png \
+    www/image/copy.png \
     www/image/delete-mini.png \
     www/image/delete.png \
     www/image/grippie.gif \
diff --git a/share/www/dialog/_copy_document.html b/share/www/dialog/_copy_document.html
new file mode 100644
index 00000000000..fe49e819966
--- /dev/null
+++ b/share/www/dialog/_copy_document.html
@@ -0,0 +1,29 @@
+<!--
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.  You may obtain a copy of the
+License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations under the License.
+
+-->
+<form action="" method="post">
+  <h2>Copy Document</h2>
+  <fieldset>
+    <p class="help help-copy">
+      Please enter a unique ID of the document:
+    </p>
+    <table summary="" class="help-copy"><tbody><tr>
+      <td><input type="text" name="docid" size="32"></td>
+    </tr></table>
+  </fieldset>
+  <div class="buttons">
+    <button type="submit">Copy</button>
+    <button type="button" class="cancel">Cancel</button>
+  </div>
+</form>
diff --git a/share/www/document.html b/share/www/document.html
index e041cd9f0b8..1509475b72e 100644
--- a/share/www/document.html
+++ b/share/www/document.html
@@ -55,6 +55,7 @@
         $("#toolbar button.save").click(page.saveDocument);
         $("#toolbar button.add").click(page.addField);
         $("#toolbar button.load").click(page.uploadAttachment);
+        $("#toolbar button.copy").click(page.copyDocument);
         if (page.isNew) {
           $("#toolbar button.delete").hide();
         } else {
@@ -76,6 +77,7 @@ <h1>
         <li><button class="save">Save Document</button></li>
         <li><button class="add">Add Field</button></li>
         <li><button class="load">Upload Attachment…</button></li>
+        <li><button class="copy">Copy Document…</button></li>
         <li><button class="delete">Delete Document…</button></li>
       </ul>
 
diff --git a/share/www/image/copy.png b/share/www/image/copy.png
new file mode 100644
index 0000000000000000000000000000000000000000..07b4f79159af9694629eeccc9362b24a4cf73821
GIT binary patch
literal 780
zcmeAS@N?(olHy`uVBq!ia0vp^0zjO=!3-po`I#mGDdu7)&kzm{j@u9Y9{{;?0(?ST
z|NsA=1_s8)#>fmHx4OEzxVRW7xNO<7nKNfjnl!1qySt^OWy6LIKtZ5_`}gl(yLRo&
znKSR+y?grfDUb^^?fduda4tml=+UEl_wL=gbt_OKno$rda&mHj21Z3i1qTQF`1rWE
zxL8_R0?qeTypaiXr%6eWUoeB9l2Ten$IO|lR;}6%0zhl;-n|R73TP(|aQ$iNcA$RF
z0*}aI1_o{+5N5n|x9$&6P`<=9q9iy!t)x7$D3!rCF}Wx|H#H?QQNb;<D78GlD7#p}
zVr#~w3ZPO6kW%NO)Wnj^{5*w_%-mE4BSSp{OFbh419PFz-#0QaFjjcFIEGmCz72|Q
zYBCUDuGCP{ZfXdcFny7TR?xfp?QgfZmObTq#+-i1WTvA?tK(JP+h!%96EEa)#(ru0
z+h#a7|GVRc`&_+Tf6p6s_1Pa-p|GJ$UF7(SEt?$<$;@#OXk^y&N!xkOvhRG~X_0M*
z?%risc;M+$j=7x9KBmG}{ae=>bU76yY>Y{gJ@g^L_i%mRzL>n7|HS1ZB;^$6ZJbrr
z>~SLe)kO0>KmXL#d!6N~yZx$YXIa47DW)%Pxz9UN7-X_UIs4fK+b(W_n`>Xr;7;sX
zc23~bJKbObR=qOczJR`+yMcD~&-8O)z8ZDpk&-8uPSVeW+}O}kYu@*c0>^UI-Q)GP
z$NcZ+&sb*Pw{NBIUQ4eTi@q;hCNl5e?>R|6OWm5km7d;on>%FICdro$r%d`TPcle5
zETgf~=!e~>U!F6$cN=`s{d4m!L%B%aPaQ$6YPqw{{{`%f|GMW?ytxs7`O7IzUmmju
tyN(?;*>k@6SL3OR(@*PO|DSYB-|e=S=?~jjFJL?|c)I$ztaD0e0sshwaZUgL

literal 0
HcmV?d00001

diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js
index 241164c6e6e..75b1624f2fc 100644
--- a/share/www/script/futon.browse.js
+++ b/share/www/script/futon.browse.js
@@ -1094,6 +1094,37 @@
         });
       }
 
+      this.copyDocument = function() {
+        if (page.isDirty) {
+          alert("You need to save or revert any changes you have made to the " +
+                "document before you can copy it.");
+            return false;
+        }
+        $.showDialog("dialog/_copy_document.html", {
+          submit: function (data, callback) {
+            if (!data.docid || data.docid.length == 0) {
+              callback({docid: "Please enter a document ID."});
+              return;
+            }
+            db.copyDoc(
+              page.doc._id,
+              {
+                docid: data.docid
+              },
+              {
+                error: function (status, error, reason) {
+                  callback({docid: reason});
+              },
+                success: function (resp) {
+                  location.href = "document.html?"
+                                + encodeURIComponent(dbName)
+                                + "/" + $.couch.encodeDocId(resp.id);
+              }
+            });
+          }
+        });
+      };
+
       window.onbeforeunload = function() {
         if (page.isDirty) {
           return "You've made changes to this document that have not been " +
diff --git a/share/www/style/layout.css b/share/www/style/layout.css
index 54a183ac2ca..055e79128b9 100644
--- a/share/www/style/layout.css
+++ b/share/www/style/layout.css
@@ -246,6 +246,7 @@ body.fullwidth #wrap { margin-right: 0; }
 #toolbar button.run { background-image: url(../image/run.png); }
 #toolbar button.save { background-image: url(../image/save.png); }
 #toolbar button.share { background-image: url(../image/compact.png); }
+#toolbar button.copy { background-image: url(../image/copy.png); }
 
 /* Dialogs */
 
@@ -282,7 +283,9 @@ body.loading #dialog h2 {
   -webkit-border-bottom-right-radius: 7px;
 }
 #dialog p.help { color: #bbb; font-size: 95%; margin: 0 0 1em; }
+#dialog p.help-copy { margin-top: 1em; margin-bottom: 0; padding-left: 0.6em; }
 #dialog fieldset table { margin-top: 1em; }
+#dialog fieldset table.help-copy { margin-top: 0; }
 #dialog fieldset th, #dialog fieldset td { padding: .5em;
   vertical-align: top;
 }

From f30f3dd2a6f9a2b063c0d00c9eff2d8b3209c24a Mon Sep 17 00:00:00 2001
From: Terin Stock <terinjokes@gmail.com>
Date: Sun, 20 Apr 2014 11:40:25 +0100
Subject: [PATCH 46/57] Support for user configurable SSL ciphers

---
 etc/couchdb/local.ini         |  9 +++++++++
 share/doc/src/config/http.rst | 24 ++++++++++++++++++++++++
 src/couchdb/couch_httpd.erl   |  8 +++++++-
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/etc/couchdb/local.ini b/etc/couchdb/local.ini
index 8aae3315f99..b102881846c 100644
--- a/etc/couchdb/local.ini
+++ b/etc/couchdb/local.ini
@@ -75,6 +75,15 @@ verify_ssl_certificates = false
 ;verify_fun = {Module, VerifyFun}
 ; maximum peer certificate depth
 ssl_certificate_max_depth = 1
+;
+; Reject renegotiations that do not live up to RFC 5746.
+;secure_renegotiate = true
+; The cipher suites that should be supported.
+; Can be specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}"
+; or in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+;ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
+; The SSL/TLS versions to support
+;tls_versions = [sslv3, tlsv1, 'tlsv1.1', 'tlsv1.2']
 
 ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to
 ; the Virual Host will be redirected to the path. In the example below all requests
diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 4084be5e08a..3b808e9fb57 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -390,6 +390,30 @@ Secure Socket Level Options
       [ssl]
       verify_ssl_certificates = false
 
+  .. config:option:: secure_renegotiate :: Enable secure renegotiation
+
+    Set to `true` to reject renegotiation attempt that does not live up to RFC 5746::
+
+      [ssl]
+      secure_renegotiate = true
+
+  .. config:option:: ciphers :: Specify permitted server cipher list
+
+    Set to the cipher suites that should be supported which can be
+    specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or
+    in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+
+      [ssl]
+      ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
+
+  .. config:option:: tls_versions :: Specify permitted server SSL/TLS
+                     protocol versions
+
+    Set to a list of permitted SSL/TLS protocol versions::
+
+      [ssl]
+      tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']
+
 
 .. _cors:
 .. _config/cors:
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 7ee3e3accd8..3eb2e399095 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -39,11 +39,17 @@ start_link(http) ->
     start_link(?MODULE, [{port, Port}]);
 start_link(https) ->
     Port = couch_config:get("ssl", "port", "6984"),
+    {ok, Ciphers} = couch_util:parse_term(couch_config:get("ssl", "ciphers", "nil")),
+    {ok, Versions} = couch_util:parse_term(couch_config:get("ssl", "tls_versions", "nil")),
+    {ok, SecureRenegotiate} = couch_util:parse_term(couch_config:get("ssl", "secure_renegotiate", "nil")),
     ServerOpts0 =
         [{cacertfile, couch_config:get("ssl", "cacert_file", nil)},
          {keyfile, couch_config:get("ssl", "key_file", nil)},
          {certfile, couch_config:get("ssl", "cert_file", nil)},
-         {password, couch_config:get("ssl", "password", nil)}],
+         {password, couch_config:get("ssl", "password", nil)},
+         {secure_renegotiate, SecureRenegotiate},
+         {versions, Versions},
+         {ciphers, Ciphers}],
 
     case (couch_util:get_value(keyfile, ServerOpts0) == nil orelse
         couch_util:get_value(certfile, ServerOpts0) == nil) of

From b1f5333b9057a3b784704022d999e9a969935b26 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Fri, 31 Oct 2014 05:40:44 +0300
Subject: [PATCH 47/57] docs: add version tag for f30f3dd feature

---
 share/doc/src/config/http.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 3b808e9fb57..6ab09f0e745 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -401,11 +401,13 @@ Secure Socket Level Options
 
     Set to the cipher suites that should be supported which can be
     specified in erlang format "{ecdhe_ecdsa,aes_128_cbc,sha256}" or
-    in OpenSSL format "ECDHE-ECDSA-AES128-SHA256".
+    in OpenSSL format "ECDHE-ECDSA-AES128-SHA256"::
 
       [ssl]
       ciphers = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA"]
 
+    .. versionadded:: 1.7
+
   .. config:option:: tls_versions :: Specify permitted server SSL/TLS
                      protocol versions
 
@@ -414,6 +416,8 @@ Secure Socket Level Options
       [ssl]
       tls_versions = [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']
 
+    .. versionadded:: 1.7
+
 
 .. _cors:
 .. _config/cors:

From f462363cfcde56710060486e58dffd45d02ae937 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Fri, 31 Oct 2014 05:49:42 +0300
Subject: [PATCH 48/57] docs: fix formatting

---
 share/doc/src/config/http.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 6ab09f0e745..c03a5d57291 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -392,7 +392,8 @@ Secure Socket Level Options
 
   .. config:option:: secure_renegotiate :: Enable secure renegotiation
 
-    Set to `true` to reject renegotiation attempt that does not live up to RFC 5746::
+    Set to `true` to reject renegotiation attempt that does not live up to
+    :rfc:`5746`::
 
       [ssl]
       secure_renegotiate = true
@@ -408,8 +409,7 @@ Secure Socket Level Options
 
     .. versionadded:: 1.7
 
-  .. config:option:: tls_versions :: Specify permitted server SSL/TLS
-                     protocol versions
+  .. config:option:: tls_versions :: Specify permitted server SSL/TLS protocol versions
 
     Set to a list of permitted SSL/TLS protocol versions::
 

From cec0a79d619cc4a57b070d9750906545b51abd9b Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Fri, 31 Oct 2014 05:51:31 +0300
Subject: [PATCH 49/57] docs: one more version tag for f30f3dd feature

---
 share/doc/src/config/http.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index c03a5d57291..4834f388f35 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -398,6 +398,8 @@ Secure Socket Level Options
       [ssl]
       secure_renegotiate = true
 
+    .. versionadded:: 1.7
+
   .. config:option:: ciphers :: Specify permitted server cipher list
 
     Set to the cipher suites that should be supported which can be

From 01c60f183a0d20dc5dc384fce42305d009c67b81 Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Wed, 29 Oct 2014 14:14:34 +0300
Subject: [PATCH 50/57] key, startkey and endkey params accepts any valid JSON
 types

Thanks @zemirco for the report.
---
 share/doc/src/api/ddoc/views.rst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/share/doc/src/api/ddoc/views.rst b/share/doc/src/api/ddoc/views.rst
index 3d14396e9aa..4d0c8d8a79f 100644
--- a/share/doc/src/api/ddoc/views.rst
+++ b/share/doc/src/api/ddoc/views.rst
@@ -32,9 +32,9 @@
     Ignored if `include_docs` isn't ``true``. Default is ``false``
   :query boolean descending: Return the documents in descending by key order.
     Default is ``false``
-  :query string endkey: Stop returning records when the specified key is
+  :query json endkey: Stop returning records when the specified key is
     reached. *Optional*
-  :query string end_key: Alias for `endkey` param
+  :query json end_key: Alias for `endkey` param
   :query string endkey_docid: Stop returning records when the specified
     document ID is reached. *Optional*
   :query string end_key_doc_id: Alias for `endkey_docid` param
@@ -52,7 +52,7 @@
     compressed. Ignored if `include_docs` isn't ``true``. Default is ``false``.
   :query boolean inclusive_end: Specifies whether the specified end key should
     be included in the result. Default is ``true``
-  :query string key: Return only documents that match the specified key.
+  :query json key: Return only documents that match the specified key.
     *Optional*
   :query number limit: Limit the number of the returned documents to the
     specified number. *Optional*
@@ -61,9 +61,9 @@
     the results. Default is ``0``
   :query string stale: Allow the results from a stale view to be used.
     Supported values: ``ok`` and ``update_after``. *Optional*
-  :query string startkey: Return records starting with the specified key.
+  :query json startkey: Return records starting with the specified key.
     *Optional*
-  :query string start_key: Alias for `startkey` param
+  :query json start_key: Alias for `startkey` param
   :query string startkey_docid: Return records starting with the specified
     document ID. *Optional*
   :query string start_key_doc_id: Alias for `startkey_docid` param

From ee0742c502751b32bbb55fd8f685262fe87bc1ad Mon Sep 17 00:00:00 2001
From: Alexander Shorin <kxepal@apache.org>
Date: Fri, 31 Oct 2014 19:00:59 +0300
Subject: [PATCH 51/57] Show decoded database names in the recently used list

Patch made by @janl for COUCHDB-1275.
---
 share/www/script/futon.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/www/script/futon.js b/share/www/script/futon.js
index 409becc500f..07238390c65 100644
--- a/share/www/script/futon.js
+++ b/share/www/script/futon.js
@@ -335,7 +335,7 @@ function $$(node) {
           name = encodeURIComponent(name);
           $("#dbs").append("<li>" +
             "<button class='remove' title='Remove from list' value='" + name + "'></button>" +
-            "<a href='database.html?" + name + "' title='" + name + "'>" + name +
+            "<a href='database.html?" + name + "' title='" + name + "'>" + decodeURIComponent(name) +
             "</a></li>");
         }
       });

From fc9ab293cd1a9d74c78f8378b26d1c1a6a9d77e5 Mon Sep 17 00:00:00 2001
From: Nikolai Teofilov <n.teofilov@gmail.com>
Date: Sat, 8 Jan 2011 22:41:34 +0100
Subject: [PATCH 52/57] Replicate only specified document ids

COUCHDB-1011

Signed-off-by: Alexander Shorin <kxepal@apache.org>
---
 share/www/replicator.html | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/share/www/replicator.html b/share/www/replicator.html
index 132dde18d7c..79d136acfb6 100644
--- a/share/www/replicator.html
+++ b/share/www/replicator.html
@@ -103,13 +103,33 @@
           if ($("#continuous")[0].checked) {
             repOpts.continuous = true;
           }
+
+          if ($("#doc_ids").val()){
+            try {
+               var doc_ids = JSON.parse($("#doc_ids").val());
+               if ($.isArray(doc_ids)) {
+                  repOpts.doc_ids = doc_ids;
+               } else {
+                  $("#records tbody.footer td")
+                    .text('Invalid format! Should be: ["doc1", "doc2", ...]'); 
+                  return false;
+               }
+            } catch (e) {
+               $("#records tbody.footer td")
+                 .text('Invalid format! Should be: ["doc1", "doc2", ...]');
+               return false;
+            }
+          }
           $.couch.replicate(source, target, {
             success: function(resp) {
-              if (resp._local_id) {
+              if ( resp.history == null || resp._local_id) {
                 $("<tr><th></th></tr>")
                   .find("th").text(JSON.stringify(resp)).end()
                   .appendTo("#records tbody.content");
                 $("#records tbody tr").removeClass("odd").filter(":odd").addClass("odd");
+                $("#records tbody.footer td")
+                  .text((resp._local_id)? "Continuous replication" :
+                                          "Named document replication");
               } else {
                 $.each(resp.history, function(idx, record) {
                   $("<tr><th></th></tr>")
@@ -163,6 +183,7 @@ <h1>
           </p>
         </fieldset>
         <p class="actions">
+          <label style="float: left; padding-left: 5px">Document IDs: <input type="text" id="doc_ids" name="doc_ids" size="25" value=""></label>
           <label><input type="checkbox" name="continuous" value="continuous" id="continuous"> Continuous</label>
           <button id="replicate" type="button">Replicate</button>
         </p>

From 8fc2437477f5b0a962aecc2ae760e9a9c51c91bd Mon Sep 17 00:00:00 2001
From: Chris Snow <chris.snow@cloudant.com>
Date: Mon, 3 Nov 2014 08:09:58 +0000
Subject: [PATCH 53/57] Move the note below the delete paragraph

The note is related to the delete paragraph text, not to the
seealso text so move the note to improve readability.

Signed-off-by: Alexander Shorin <kxepal@apache.org>
---
 share/doc/src/api/document/common.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/share/doc/src/api/document/common.rst b/share/doc/src/api/document/common.rst
index bdd67027d83..493a32ec21c 100644
--- a/share/doc/src/api/document/common.rst
+++ b/share/doc/src/api/document/common.rst
@@ -247,14 +247,14 @@
   (latest) revision, either by using the ``rev`` parameter or by using the
   :header:`If-Match` header to specify the revision.
 
-  .. seealso::
-    :ref:`Retrieving Deleted Documents <api/doc/retrieving-deleted-documents>`
-
   .. note::
     CouchDB doesn't actually delete documents. The reason is the need to track
     them correctly during the replication process between databases to prevent
     accidental document recovery for any previous state.
 
+  .. seealso::
+    :ref:`Retrieving Deleted Documents <api/doc/retrieving-deleted-documents>`
+
   :param db: Database name
   :param docid: Document ID
   :<header Accept: - :mimetype:`application/json`

From 3266f235e8660806e2468324d16620b09139d72e Mon Sep 17 00:00:00 2001
From: Chris Snow <chris.snow@cloudant.com>
Date: Mon, 3 Nov 2014 08:13:11 +0000
Subject: [PATCH 54/57] Clarify the purpose of tombstones

Signed-off-by: Alexander Shorin <kxepal@apache.org>
---
 share/doc/src/api/document/common.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/share/doc/src/api/document/common.rst b/share/doc/src/api/document/common.rst
index 493a32ec21c..1355a314933 100644
--- a/share/doc/src/api/document/common.rst
+++ b/share/doc/src/api/document/common.rst
@@ -248,9 +248,9 @@
   :header:`If-Match` header to specify the revision.
 
   .. note::
-    CouchDB doesn't actually delete documents. The reason is the need to track
-    them correctly during the replication process between databases to prevent
-    accidental document recovery for any previous state.
+    CouchDB doesn't completely delete the specified document. Instead, it leaves
+    a tombstone with very basic information about the document. The tombstone
+    is required so that the delete action can be replicated across databases.
 
   .. seealso::
     :ref:`Retrieving Deleted Documents <api/doc/retrieving-deleted-documents>`

From 02b02d622a6cf108e019e2b31a3534436f1b754d Mon Sep 17 00:00:00 2001
From: Michael Marino <mmarino@gmail.com>
Date: Tue, 15 Apr 2014 14:09:12 +0200
Subject: [PATCH 55/57] COUCHDB-2225 Enforce that shared libraries can be built
 by the system

This closes #209

Signed-off-by: Alexander Shorin <kxepal@apache.org>
---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 103f02999f8..656758564ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,6 +33,10 @@ AC_DISABLE_STATIC
 AC_PROG_CC
 LT_INIT([win32-dll])
 LT_INIT
+AS_IF([test x"${enable_shared}" = "xno"], [
+  AC_MSG_ERROR([System as configured cannot build shared libraries.])
+])
+
 AC_PROG_LN_S
 
 PKG_PROG_PKG_CONFIG

From 821f4020d883a2dbb40243afffa2d0d7138de076 Mon Sep 17 00:00:00 2001
From: Klaus Trainer <klaus_trainer@apache.org>
Date: Sun, 9 Mar 2014 20:10:53 +0100
Subject: [PATCH 56/57] Use cookie authentication during replication

In `couch_replicator_httpc:setup/1`, if the URL contains basic auth
credentials, the replicator now removes those credentials from the URL
and inserts them into a new ets table, whose identifier is stored in the
returned `httpdb` record in a new field named `credentials`.

Then, if during replication there's a HTTP status code 401, the
replicator does a POST-request to the remote DB's `/_session` endpoint,
in which the request body contains the user name and password from the
basic auth credentials stored in the ets table.  If that request is
successful, the session cookie is inserted into the ets table together
with the current timestamp returned by `os:timestamp/0`.  From that
point on, `couch_replicator_httpc:send_req/3` always retrieves the
cookie from the ets table and sets it as value in the "Cookie" request
header.  When a new session cookie is set, the cookie value, together
with a new timestamp, will be updated in the ets table accordingly.
Now, after having started a new session, the request that generated the
response status code 401 is repeated.

In order to prevent the replicator from wrongly starting a new session
after getting a 401 status code and then repeating the request again
(and thereby causing an infinite loop), it is checked whether the
difference between the current timestamp returned by `os:timestamp/0`
and the timestamp stored together with the session cookie is greater
than one minute.  A new session is started and the request is repeated
only if the difference is greater than one minute.  Otherwise it is
proceeded as ever, i.e., the response with the 401 status code is
returned.
---
 share/www/script/test/replication.js          |  19 +-
 .../src/couch_replicator_api_wrap.erl         |   8 +-
 .../src/couch_replicator_api_wrap.hrl         |   5 +-
 .../src/couch_replicator_httpc.erl            | 174 +++++++++++++++---
 .../src/couch_replicator_manager.erl          |   5 +-
 src/couchdb/couch_db.hrl                      |   2 +
 src/couchdb/couch_httpd_auth.erl              |  10 +-
 src/couchdb/couch_util.erl                    |  19 +-
 8 files changed, 196 insertions(+), 46 deletions(-)

diff --git a/share/www/script/test/replication.js b/share/www/script/test/replication.js
index fd60dd41b9e..51e144ccb50 100644
--- a/share/www/script/test/replication.js
+++ b/share/www/script/test/replication.js
@@ -1455,16 +1455,23 @@ couchTests.replication = function(debug) {
   //
 
   // case 1) user triggering the replication is not a DB admin of the target DB
-  var joeUserDoc = CouchDB.prepareUserDoc({
-    name: "joe",
-    roles: ["erlanger"]
-  }, "erly");
   var usersDb = new CouchDB("test_suite_auth", {"X-Couch-Full-Commit":"false"});
+  var joeUserDoc = CouchDB.prepareUserDoc({ name: "joe" }, "erly");
   var server_config = [
     {
       section: "couch_httpd_auth",
       key: "authentication_db",
       value: usersDb.name
+    },
+    {
+      section: "couch_httpd_auth",
+      key: "iterations",
+      value: "1"
+    },
+    {
+      section: "admins",
+      key: "karl",
+      value: "secret"
     }
   ];
 
@@ -1520,6 +1527,8 @@ couchTests.replication = function(debug) {
       TEquals(docs.length, repResult.history[0].docs_read);
       TEquals((docs.length - 1), repResult.history[0].docs_written); // 1 ddoc
       TEquals(1, repResult.history[0].doc_write_failures);
+
+      TEquals(true, CouchDB.login("karl", "secret").ok);
     });
 
     for (j = 0; j < docs.length; j++) {
@@ -1587,6 +1596,8 @@ couchTests.replication = function(debug) {
       }
 
       TEquals(true, CouchDB.logout().ok);
+
+      TEquals(true, CouchDB.login("karl", "secret").ok);
     });
 
     for (j = 0; j < docs.length; j++) {
diff --git a/src/couch_replicator/src/couch_replicator_api_wrap.erl b/src/couch_replicator/src/couch_replicator_api_wrap.erl
index 3cf942d699f..94b22e96975 100644
--- a/src/couch_replicator/src/couch_replicator_api_wrap.erl
+++ b/src/couch_replicator/src/couch_replicator_api_wrap.erl
@@ -164,9 +164,7 @@ get_missing_revs(Db, IdRevs) ->
 open_doc_revs(#httpdb{retries = 0} = HttpDb, Id, Revs, Options, _Fun, _Acc) ->
     Path = encode_doc_id(Id),
     QS = options_to_query_args(HttpDb, Path, [revs, {open_revs, Revs} | Options]),
-    Url = couch_util:url_strip_password(
-        couch_replicator_httpc:full_url(HttpDb, [{path,Path}, {qs,QS}])
-    ),
+    Url = couch_replicator_httpc:full_url(HttpDb, [{path,Path}, {qs,QS}]),
     ?LOG_ERROR("Replication crashing because GET ~s failed", [Url]),
     exit(kaboom);
 open_doc_revs(#httpdb{} = HttpDb, Id, Revs, Options, Fun, Acc) ->
@@ -235,9 +233,7 @@ open_doc_revs(#httpdb{} = HttpDb, Id, Revs, Options, Fun, Acc) ->
                     open_doc_revs(HttpDb, Id, Revs, Options1, Fun, Acc)
             end;
         {'DOWN', Ref, process, Pid, Else} ->
-            Url = couch_util:url_strip_password(
-                couch_replicator_httpc:full_url(HttpDb, [{path,Path}, {qs,QS}])
-            ),
+            Url = couch_replicator_httpc:full_url(HttpDb, [{path,Path}, {qs,QS}]),
             #httpdb{retries = Retries, wait = Wait0} = HttpDb,
             Wait = 2 * erlang:min(Wait0 * 2, ?MAX_WAIT),
             ?LOG_INFO("Retrying GET to ~s in ~p seconds due to error ~p",
diff --git a/src/couch_replicator/src/couch_replicator_api_wrap.hrl b/src/couch_replicator/src/couch_replicator_api_wrap.hrl
index 1a6f27a0949..ac6b0642705 100644
--- a/src/couch_replicator/src/couch_replicator_api_wrap.hrl
+++ b/src/couch_replicator/src/couch_replicator_api_wrap.hrl
@@ -24,7 +24,10 @@
     retries = 10,
     wait = 250,         % milliseconds
     httpc_pool = nil,
-    http_connections
+    http_connections,
+    root_url,           % e.g. "http://example.com:5984/"
+    credentials         % ets table for storing the basic auth
+                        % credentials and the session cookie
 }).
 
 -record(oauth, {
diff --git a/src/couch_replicator/src/couch_replicator_httpc.erl b/src/couch_replicator/src/couch_replicator_httpc.erl
index b8fb31bcc4e..5ac13b11f74 100644
--- a/src/couch_replicator/src/couch_replicator_httpc.erl
+++ b/src/couch_replicator/src/couch_replicator_httpc.erl
@@ -30,8 +30,21 @@
 
 
 setup(#httpdb{httpc_pool = nil, url = Url, http_connections = MaxConns} = Db) ->
-    {ok, Pid} = couch_replicator_httpc_pool:start_link(Url, [{max_connections, MaxConns}]),
-    {ok, Db#httpdb{httpc_pool = Pid}}.
+    Url2 = couch_util:url_strip_credentials(Url),
+    RootUrl = couch_util:root_url(Url2),
+    {ok, Pid} = couch_replicator_httpc_pool:start_link(
+        Url2, [{max_connections, MaxConns}]),
+    case Url of
+    Url2 -> % there are no basic auth credentials included in Url
+        {ok, Db#httpdb{root_url = RootUrl, httpc_pool = Pid}};
+    _ ->
+        #url{username = Username, password = Password} =
+            ibrowse_lib:parse_url(Url),
+        Credentials = ets:new(credentials, [public, {read_concurrency, true}]),
+        ets:insert(Credentials, {basic_auth, {Username, Password}}),
+        {ok, #httpdb{url = Url2, root_url = RootUrl, httpc_pool = Pid,
+                     credentials = Credentials}}
+    end.
 
 
 send_req(HttpDb, Params1, Callback) ->
@@ -43,19 +56,30 @@ send_req(HttpDb, Params1, Callback) ->
     process_response(Response, Worker, HttpDb, Params, Callback).
 
 
-send_ibrowse_req(#httpdb{headers = BaseHeaders} = HttpDb, Params) ->
+send_ibrowse_req(HttpDb, Params) ->
+    {ok, Worker} = case get_value(path, Params) of
+    "_changes" -> ibrowse:spawn_link_worker_process(full_url(HttpDb, Params));
+    _ -> couch_replicator_httpc_pool:get_worker(HttpDb#httpdb.httpc_pool)
+    end,
+    send_ibrowse_req(HttpDb, Params, Worker).
+
+
+send_ibrowse_req(#httpdb{headers = Headers} = HttpDb, Params, Worker) ->
+    BaseHeaders = case HttpDb#httpdb.credentials of
+    undefined ->
+        Headers;
+    Credentials ->
+        case ets:lookup(Credentials, cookie) of
+        [] -> Headers;
+        [{cookie, Cookie, _}] -> [{"Cookie", Cookie} | Headers]
+        end
+    end,
     Method = get_value(method, Params, get),
     UserHeaders = lists:keysort(1, get_value(headers, Params, [])),
     Headers1 = lists:ukeymerge(1, UserHeaders, BaseHeaders),
     Headers2 = oauth_header(HttpDb, Params) ++ Headers1,
     Url = full_url(HttpDb, Params),
     Body = get_value(body, Params, []),
-    case get_value(path, Params) of
-    "_changes" ->
-        {ok, Worker} = ibrowse:spawn_link_worker_process(Url);
-    _ ->
-        {ok, Worker} = couch_replicator_httpc_pool:get_worker(HttpDb#httpdb.httpc_pool)
-    end,
     IbrowseOptions = [
         {response_format, binary}, {inactivity_timeout, HttpDb#httpdb.timeout} |
         lists:ukeymerge(1, get_value(ibrowse_options, Params, []),
@@ -78,7 +102,6 @@ process_response({ibrowse_req_id, ReqId}, Worker, HttpDb, Params, Callback) ->
     process_stream_response(ReqId, Worker, HttpDb, Params, Callback);
 
 process_response({ok, Code, Headers, Body}, Worker, HttpDb, Params, Callback) ->
-    release_worker(Worker, HttpDb),
     case list_to_integer(Code) of
     Ok when (Ok >= 200 andalso Ok < 300) ; (Ok >= 400 andalso Ok < 500) ->
         EJson = case Body of
@@ -87,10 +110,27 @@ process_response({ok, Code, Headers, Body}, Worker, HttpDb, Params, Callback) ->
         Json ->
             ?JSON_DECODE(Json)
         end,
-        Callback(Ok, Headers, EJson);
+        case Ok of
+        401 ->
+            case maybe_start_new_session(HttpDb, Worker) of
+            true ->
+                {Worker, Response} =
+                    send_ibrowse_req(HttpDb, Params, Worker),
+                process_response(Response, Worker, HttpDb, Params, Callback);
+            false ->
+                release_worker(Worker, HttpDb),
+                Callback(Ok, Headers, EJson)
+            end;
+        _ ->
+            release_worker(Worker, HttpDb),
+            maybe_set_session_cookie(HttpDb, Headers),
+            Callback(Ok, Headers, EJson)
+        end;
     R when R =:= 301 ; R =:= 302 ; R =:= 303 ->
+        release_worker(Worker, HttpDb),
         do_redirect(Worker, R, Headers, HttpDb, Params, Callback);
     Error ->
+        release_worker(Worker, HttpDb),
         maybe_retry({code, Error}, Worker, HttpDb, Params, Callback)
     end;
 
@@ -102,20 +142,20 @@ process_stream_response(ReqId, Worker, HttpDb, Params, Callback) ->
     receive
     {ibrowse_async_headers, ReqId, Code, Headers} ->
         case list_to_integer(Code) of
-        Ok when (Ok >= 200 andalso Ok < 300) ; (Ok >= 400 andalso Ok < 500) ->
-            StreamDataFun = fun() ->
-                stream_data_self(HttpDb, Params, Worker, ReqId, Callback)
-            end,
-            ibrowse:stream_next(ReqId),
-            try
-                Ret = Callback(Ok, Headers, StreamDataFun),
-                release_worker(Worker, HttpDb),
-                clean_mailbox_req(ReqId),
-                Ret
-            catch throw:{maybe_retry_req, Err} ->
+        401 ->
+            case maybe_start_new_session(HttpDb) of
+            true ->
                 clean_mailbox_req(ReqId),
-                maybe_retry(Err, Worker, HttpDb, Params, Callback)
+                {Worker, Response} = send_ibrowse_req(HttpDb, Params, Worker),
+                process_response(Response, Worker, HttpDb, Params, Callback);
+            false ->
+                process_stream_response_headers(
+                    ReqId, 401, Headers, Worker, HttpDb, Params, Callback)
             end;
+        Ok when (Ok >= 200 andalso Ok < 300) ; (Ok > 401 andalso Ok < 500) ->
+            maybe_set_session_cookie(HttpDb, Headers),
+            process_stream_response_headers(
+                ReqId, Ok, Headers, Worker, HttpDb, Params, Callback);
         R when R =:= 301 ; R =:= 302 ; R =:= 303 ->
             do_redirect(Worker, R, Headers, HttpDb, Params, Callback);
         Error ->
@@ -131,6 +171,90 @@ process_stream_response(ReqId, Worker, HttpDb, Params, Callback) ->
     end.
 
 
+process_stream_response_headers(ReqId, Code, Headers, Worker, HttpDb, Params, Callback) ->
+    StreamDataFun = fun() ->
+        stream_data_self(HttpDb, Params, Worker, ReqId, Callback)
+    end,
+    ibrowse:stream_next(ReqId),
+    try
+        Ret = Callback(Code, Headers, StreamDataFun),
+        release_worker(Worker, HttpDb),
+        clean_mailbox_req(ReqId),
+        Ret
+    catch throw:{maybe_retry_req, Err} ->
+        clean_mailbox_req(ReqId),
+        maybe_retry(Err, Worker, HttpDb, Params, Callback)
+    end.
+
+
+maybe_start_new_session(HttpDb) ->
+    case need_new_session(HttpDb) of
+    false -> false;
+    true -> start_new_session(HttpDb)
+    end.
+
+
+maybe_start_new_session(HttpDb, Worker) ->
+    case need_new_session(HttpDb) of
+    false -> false;
+    true -> start_new_session(HttpDb, Worker)
+    end.
+
+
+need_new_session(#httpdb{credentials = undefined}) ->
+    false;
+
+need_new_session(#httpdb{credentials = Credentials}) ->
+    case ets:lookup(Credentials, cookie) of
+    [] ->
+        true;
+    [{cookie, _, UpdatedAt}] ->
+        %% As we don't know when the cookie will expire, we just decide
+        %% that we want a new session if the current one is older than
+        %% one minute.
+        OneMinute = 60 * 1000000, % microseconds
+        timer:now_diff(os:timestamp(), UpdatedAt) > OneMinute
+    end.
+
+
+start_new_session(#httpdb{httpc_pool = Pool} = HttpDb) ->
+    {ok, Worker} = couch_replicator_httpc_pool:get_worker(Pool),
+    Result = start_new_session(HttpDb, Worker),
+    release_worker(Worker, HttpDb),
+    Result.
+
+
+start_new_session(#httpdb{credentials = Credentials} = HttpDb, Worker) ->
+    SessionUrl = HttpDb#httpdb.root_url ++ "_session",
+    {Username, Password} = ets:lookup_element(Credentials, basic_auth, 2),
+    JsonBody = ?JSON_ENCODE(
+        {[{name, ?l2b(Username)}, {password, ?l2b(Password)}]}),
+    Response = ibrowse:send_req_direct(Worker, SessionUrl,
+        [{"Content-Type", "application/json"}], post, JsonBody,
+        [{response_format, binary}], infinity),
+    Callback =
+        fun (401, _, _) -> false;
+            (200, Headers, _) -> maybe_set_session_cookie(HttpDb, Headers)
+        end,
+    process_response(Response, Worker, HttpDb, [], Callback).
+
+
+maybe_set_session_cookie(#httpdb{credentials = undefined}, _) ->
+    false;
+
+maybe_set_session_cookie(#httpdb{credentials = Credentials}, Headers) ->
+    case get_value("Set-Cookie", Headers) of
+    undefined ->
+        false;
+    Cookie ->
+        CookieProps = mochiweb_cookies:parse_cookie(Cookie),
+        case couch_util:get_value(?AUTH_SESSION_COOKIE_KEY, CookieProps) of
+        undefined -> false;
+        _ -> ets:insert(Credentials, {cookie, Cookie, os:timestamp()})
+        end
+    end.
+
+
 clean_mailbox_req(ReqId) ->
     receive
     {ibrowse_async_response, ReqId, _} ->
@@ -153,7 +277,7 @@ maybe_retry(Error, Worker, #httpdb{retries = Retries, wait = Wait} = HttpDb,
     Params, Cb) ->
     release_worker(Worker, HttpDb),
     Method = string:to_upper(atom_to_list(get_value(method, Params, get))),
-    Url = couch_util:url_strip_password(full_url(HttpDb, Params)),
+    Url = full_url(HttpDb, Params),
     ?LOG_INFO("Retrying ~s request to ~s in ~p seconds due to error ~s",
         [Method, Url, Wait / 1000, error_cause(Error)]),
     ok = timer:sleep(Wait),
@@ -163,7 +287,7 @@ maybe_retry(Error, Worker, #httpdb{retries = Retries, wait = Wait} = HttpDb,
 
 report_error(Worker, HttpDb, Params, Error) ->
     Method = string:to_upper(atom_to_list(get_value(method, Params, get))),
-    Url = couch_util:url_strip_password(full_url(HttpDb, Params)),
+    Url = full_url(HttpDb, Params),
     do_report_error(Url, Method, Error),
     release_worker(Worker, HttpDb),
     exit({http_request_failed, Method, Url, Error}).
diff --git a/src/couch_replicator/src/couch_replicator_manager.erl b/src/couch_replicator/src/couch_replicator_manager.erl
index 4891c4c4c4e..9cf52077d53 100644
--- a/src/couch_replicator/src/couch_replicator_manager.erl
+++ b/src/couch_replicator/src/couch_replicator_manager.erl
@@ -701,9 +701,6 @@ after_doc_read(#doc{body = {Body}} = Doc, #db{user_ctx=UserCtx} = Db) ->
 strip_credentials(undefined) ->
     undefined;
 strip_credentials(Url) when is_binary(Url) ->
-    re:replace(Url,
-        "http(s)?://(?:[^:]+):[^@]+@(.*)$",
-        "http\\1://\\2",
-        [{return, binary}]);
+    couch_util:url_strip_credentials(Url);
 strip_credentials({Props}) ->
     {lists:keydelete(<<"oauth">>, 1, Props)}.
diff --git a/src/couchdb/couch_db.hrl b/src/couchdb/couch_db.hrl
index 6888f10da9b..11c3a3accfb 100644
--- a/src/couchdb/couch_db.hrl
+++ b/src/couchdb/couch_db.hrl
@@ -38,6 +38,8 @@
 
 -define(DEFAULT_ATTACHMENT_CONTENT_TYPE, <<"application/octet-stream">>).
 
+-define(AUTH_SESSION_COOKIE_KEY, "AuthSession").
+
 -define(LOG_DEBUG(Format, Args),
     case couch_log:debug_on(?MODULE) of
         true ->
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 30528325564..d1a825b3dfe 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -160,7 +160,7 @@ proxy_auth_user(Req) ->
 
 
 cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
-    case MochiReq:get_cookie_value("AuthSession") of
+    case MochiReq:get_cookie_value(?AUTH_SESSION_COOKIE_KEY) of
     undefined -> Req;
     [] -> Req;
     Cookie ->
@@ -222,7 +222,7 @@ cookie_auth_header(#httpd{user_ctx=#user_ctx{name=User}, auth={Secret, true}}=Re
     % themselves.
     CookieHeader = couch_util:get_value("Set-Cookie", Headers, ""),
     Cookies = mochiweb_cookies:parse_cookie(CookieHeader),
-    AuthSession = couch_util:get_value("AuthSession", Cookies),
+    AuthSession = couch_util:get_value(?AUTH_SESSION_COOKIE_KEY, Cookies),
     if AuthSession == undefined ->
         TimeStamp = make_cookie_time(),
         [cookie_auth_cookie(Req, ?b2l(User), Secret, TimeStamp)];
@@ -234,7 +234,7 @@ cookie_auth_header(_Req, _Headers) -> [].
 cookie_auth_cookie(Req, User, Secret, TimeStamp) ->
     SessionData = User ++ ":" ++ erlang:integer_to_list(TimeStamp, 16),
     Hash = crypto:sha_mac(Secret, SessionData),
-    mochiweb_cookies:cookie("AuthSession",
+    mochiweb_cookies:cookie(?AUTH_SESSION_COOKIE_KEY,
         couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
         [{path, "/"}] ++ cookie_scheme(Req) ++ max_age()).
 
@@ -293,7 +293,7 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
                 ]});
         _Else ->
             % clear the session
-            Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
+            Cookie = mochiweb_cookies:cookie(?AUTH_SESSION_COOKIE_KEY, "", [{path, "/"}] ++ cookie_scheme(Req)),
             {Code, Headers} = case couch_httpd:qs_value(Req, "fail", nil) of
                 nil ->
                     {401, [Cookie]};
@@ -329,7 +329,7 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
     end;
 % logout by deleting the session
 handle_session_req(#httpd{method='DELETE'}=Req) ->
-    Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
+    Cookie = mochiweb_cookies:cookie(?AUTH_SESSION_COOKIE_KEY, "", [{path, "/"}] ++ cookie_scheme(Req)),
     {Code, Headers} = case couch_httpd:qs_value(Req, "next", nil) of
         nil ->
             {200, [Cookie]};
diff --git a/src/couchdb/couch_util.erl b/src/couchdb/couch_util.erl
index 2509bef929f..0ab9b59b13f 100644
--- a/src/couchdb/couch_util.erl
+++ b/src/couchdb/couch_util.erl
@@ -25,7 +25,7 @@
 -export([get_value/2, get_value/3]).
 -export([md5/1, md5_init/0, md5_update/2, md5_final/1]).
 -export([reorder_results/2]).
--export([url_strip_password/1]).
+-export([root_url/1, url_strip_password/1, url_strip_credentials/1]).
 -export([encode_doc_id/1]).
 -export([with_db/2]).
 -export([rfc1123_date/0, rfc1123_date/1]).
@@ -416,12 +416,29 @@ reorder_results(Keys, SortedResults) ->
     KeyDict = dict:from_list(SortedResults),
     [dict:fetch(Key, KeyDict) || Key <- Keys].
 
+%% e.g. "https://foo.bar:6984/foo/bar?baz=42" -> "https://foo.bar:6984/"
+root_url(Url) ->
+    re:replace(Url,
+        "http(s)?://([^/]+).*$",
+        "http\\1://\\2/",
+        [{return, list}]).
+
 url_strip_password(Url) ->
     re:replace(Url,
         "http(s)?://([^:]+):[^@]+@(.*)$",
         "http\\1://\\2:*****@\\3",
         [{return, list}]).
 
+url_strip_credentials(Url) ->
+    Options = case is_list(Url) of
+    true -> [{return, list}];
+    false when is_binary(Url) -> [{return, binary}]
+    end,
+    re:replace(Url,
+        "http(s)?://(?:[^:]+):[^@]+@(.*)$",
+        "http\\1://\\2",
+        Options).
+
 encode_doc_id(#doc{id = Id}) ->
     encode_doc_id(Id);
 encode_doc_id(Id) when is_list(Id) ->

From 85eb4b506d083c18e9e4298d7ff4fe5246da8508 Mon Sep 17 00:00:00 2001
From: Klaus Trainer <klaus_trainer@apache.org>
Date: Fri, 7 Nov 2014 23:19:40 +0100
Subject: [PATCH 57/57] Make sure that couch_httpd_auth timeout is >= 60

We need that in order to make sure that the cookie authentication that
we do during replication by now works as expected.
---
 etc/couchdb/default.ini.tpl.in   | 2 +-
 src/couchdb/couch_httpd_auth.erl | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 934c6cd440c..f3b36eb09ee 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -68,7 +68,7 @@ include_sasl = true
 authentication_db = _users
 authentication_redirect = /_utils/session.html
 require_valid_user = false
-timeout = 600 ; number of seconds before automatic logout
+timeout = 600 ; The number of seconds before automatic logout. The minimum value is 60, and any value less 60 will be ignored.
 auth_cache_size = 50 ; size is number of cache entries
 allow_persistent_cookies = false ; set to true to allow persistent cookies
 iterations = 10 ; iterations for password hashing
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index d1a825b3dfe..d00c717ba15 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -188,8 +188,12 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
                 FullSecret = <<Secret/binary, UserSalt/binary>>,
                 ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
                 Hash = ?l2b(HashStr),
-                Timeout = list_to_integer(
+                ConfiguredTimeout = list_to_integer(
                     couch_config:get("couch_httpd_auth", "timeout", "600")),
+                Timeout = case ConfiguredTimeout < 60 of
+                    true -> 60;
+                    false -> ConfiguredTimeout
+                end,
                 ?LOG_DEBUG("timeout ~p", [Timeout]),
                 case (catch erlang:list_to_integer(TimeStr, 16)) of
                     TimeStamp when CurrentTime < TimeStamp + Timeout ->