2010-02-11 23:49:52 |
LimCore |
bug |
|
|
added bug |
2010-02-11 23:59:28 |
LimCore |
description |
Binary package hint: subversion
Suddenly svn client stoped asking for passphrase and now just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
ON Ubuntu since few days Im getting:
svn: Authorization failed
There is no question about authorization.
*** If you get this, instead of prompt to enter password, then this is the bug described. ***
Please confirm my bug and select on top Affects me too.
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine. |
Binary package hint: subversion
Suddenly svn client stoped asking for passphrase and now just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
******* THE RESULT: ****
here you will get error:
svn: Authorization failed
(There is no question about authorization.)
But checkout (by default allowed for anonymous) will work:
$svn co svn://localhost/lc/repofoo
Checked out revision 0.
***********************************************************************************
If you get this above 2 messages, instead of prompt to enter password, then this is the bug described,
it means svn connects always in anonymous mode, therefore blocked write but allowed read access.
Please confirm my bug and select on top Affects me too!
***********************************************************************************
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine.
|
|
2010-02-12 00:01:10 |
LimCore |
description |
Binary package hint: subversion
Suddenly svn client stoped asking for passphrase and now just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
******* THE RESULT: ****
here you will get error:
svn: Authorization failed
(There is no question about authorization.)
But checkout (by default allowed for anonymous) will work:
$svn co svn://localhost/lc/repofoo
Checked out revision 0.
***********************************************************************************
If you get this above 2 messages, instead of prompt to enter password, then this is the bug described,
it means svn connects always in anonymous mode, therefore blocked write but allowed read access.
Please confirm my bug and select on top Affects me too!
***********************************************************************************
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine.
|
Binary package hint: subversion
Suddenly svn client stoped asking for passphrase and now just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
(IF YOU RUN SVN APACHE server, then disable it first!)
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
******* THE RESULT: ****
here you will get error:
svn: Authorization failed
(There is no question about authorization.)
But checkout (by default allowed for anonymous) will work:
$svn co svn://localhost/lc/repofoo
Checked out revision 0.
***********************************************************************************
If you get this above 2 messages, instead of prompt to enter password, then this is the bug described,
it means svn connects always in anonymous mode, therefore blocked write but allowed read access.
Please confirm my bug and select on top Affects me too!
***********************************************************************************
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine.
|
|
2010-02-12 00:12:53 |
Krzysztof Klimonda |
subversion (Ubuntu): status |
New |
Confirmed |
|
2010-02-12 03:27:43 |
LimCore |
security vulnerability |
no |
yes |
|
2010-02-12 03:28:43 |
LimCore |
summary |
svn stoped asking for auth, and connects as anonymous - giving usually svn: Authorization failed |
svn sometimes ignoring svnserve.conf. Then SVN not asking for auth, connects as anonymous - giving misleading error: Authorization failed |
|
2010-02-12 03:30:55 |
LimCore |
description |
Binary package hint: subversion
Suddenly svn client stoped asking for passphrase and now just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
(IF YOU RUN SVN APACHE server, then disable it first!)
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
******* THE RESULT: ****
here you will get error:
svn: Authorization failed
(There is no question about authorization.)
But checkout (by default allowed for anonymous) will work:
$svn co svn://localhost/lc/repofoo
Checked out revision 0.
***********************************************************************************
If you get this above 2 messages, instead of prompt to enter password, then this is the bug described,
it means svn connects always in anonymous mode, therefore blocked write but allowed read access.
Please confirm my bug and select on top Affects me too!
***********************************************************************************
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine.
|
Binary package hint: subversion
Similar but *different* bug is bug#519083 where svn+ssh always just ignores authz.
Here svn's repo sometimes is enabled to be r/w even before editing svnserve.conf to allow any access,
and sometimes it blocks any access until svnserve.conf is edited. (SECURITY!)
Also access related error messages are not very helpful.
Svn client sometimes do not ask for passphrase and just connects always as anonymous to any newly create repo,
but when I connect to an older repo (create months ago) all works!
For svn:// method, for svnserve -d server.
User A + old repo = works
User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
User B + new repo = as anonymous always
Ubuntu 9.10 amd64
REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
apt-get install subversion # on Karmic 9.10 for example
Start subversion local server (server method: svnserve deamon)
Create a repo and try to import to it - FAIL?
On the server / as root:
(IF YOU RUN SVN APACHE server, then disable it first!)
$ mkdir -p /srv/svn/repo/lc
$ cd /srv/svn/repo/lc
$ svnadmin create repofoo
$ killall svnserve
$ /usr/bin/svnserve -d -r /srv/svn/repo/
On the client / as user:
$ mkdir testsvn
$ cd testsvn/
$ mkdir repofoo
$ cd repofoo
$ echo "some text" > testfile.txt
$ svn import svn://localhost/lc/repofoo -m "importing"
and....?
******* THE RESULT: ****
here you will get error:
svn: Authorization failed
(There is no question about authorization.)
But checkout (by default allowed for anonymous) will work:
$svn co svn://localhost/lc/repofoo
Checked out revision 0.
***********************************************************************************
If you get this above 2 messages, instead of prompt to enter password, then this is the bug described,
it means svn connects always in anonymous mode, therefore blocked write but allowed read access.
Please confirm my bug and select on top Affects me too!
***********************************************************************************
Btw, I can not force authorization, look:
root@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
root@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
[users]
bob = secret
user1@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
user1@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob --password secret import svn://localhost/lc/repofoo -m "importing"
svn: Authorization failed
Ubuntu 9.10 amd64
ii subversion 1.6.5dfsg-1ubuntu1
Btw, using an older already existing repo (created months ago) works 100% fine.
|
|
2011-04-27 19:42:50 |
Jamie Strandboge |
security vulnerability |
yes |
no |
|
2011-04-27 19:42:51 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
2012-05-02 21:45:44 |
Maarten Bezemer |
subversion (Ubuntu): status |
Confirmed |
Incomplete |
|
2012-05-02 21:45:47 |
Maarten Bezemer |
bug |
|
|
added subscriber Maarten Bezemer |
2012-07-02 04:19:03 |
Launchpad Janitor |
subversion (Ubuntu): status |
Incomplete |
Expired |
|