Bug#403686: libapache2-svn: Authorization file reader fails on whitespace

2012-01-02 Thread Jonathan Nieder
tags 403686 + moreinfo
quit

Hi,

Brian Sipos wrote:

 1: A valid authz file is present and apache is freshly restarted
 2: A line is added to some group, anywhere in the file, with a space at
the beginning, eg.  user=rw.
  * Apache will now disallow all users access to any repository
 3: The line is altered to remove the offending space, eg. change line to
user=rw
  * Apache will now allow normal access to all users/repositories
 4: Re-add the space at the beginning of the formerly-bad line, eg.
change back to  user=rw
  * Apache will now allow normal access, although the file is in an
identical state to step #2

 The error given is:
 Failed to load the AuthzSVNAccessFile: The character '=' in rule
 'abcd' is not allowed in authz rules
 where abcd is the username preceding the offending line  user=rw.

 The important nature of this bug is that it disallows all repository
 access when in step #2, which is how I found it. It is some stateful
 nature of the file parser, which is certainly confusing to users.

Sorry for the slow response.  Because I am unbelievably lazy, before
investigating further, I'd like to know: what version of
libapache2-svn do you use now?  Can you still reproduce this?

Thanks,
Jonathan



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#403686: libapache2-svn: Authorization file reader fails on whitespace

2006-12-18 Thread Brian Sipos
Package: libapache2-svn
Version: 1.4.2dfsg1-2
Severity: important

The apache2 module for SVN DAV access has an unusual problem regarding
whitespace at the beginning of a username in the authorization file. The
conditions are as such:
1: A valid authz file is present and apache is freshly restarted
2: A line is added to some group, anywhere in the file, with a space at
   the beginning, eg.  user=rw.
 * Apache will now disallow all users access to any repository
3: The line is altered to remove the offending space, eg. change line to
   user=rw
 * Apache will now allow normal access to all users/repositories
4: Re-add the space at the beginning of the formerly-bad line, eg.
   change back to  user=rw
 * Apache will now allow normal access, although the file is in an
   identical state to step #2

The error given is:
Failed to load the AuthzSVNAccessFile: The character '=' in rule
'abcd' is not allowed in authz rules
where abcd is the username preceding the offending line  user=rw.

The important nature of this bug is that it disallows all repository
access when in step #2, which is how I found it. It is some stateful
nature of the file parser, which is certainly confusing to users.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libapache2-svn depends on:
ii  apache2.2-common  2.2.3-3.1     Next generation, scalable, extenda
ii  libc6             2.3.6.ds1-7   GNU C Library: Shared libraries
ii  libsvn1           1.4.2dfsg1-2  Shared libraries used by Subversio

libapache2-svn recommends no packages.

-- no debconf information
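
A pre-deployment check for the condition in this report, added here as an example; it is not part of the original thread or of Subversion. It assumes that the authz file uses Subversion's INI-style config syntax, where a line that begins with whitespace continues the previous option's value, which would explain why the error names the rule before the indented line. `lint_authz`, `Finding` and the sample file are hypothetical and constructed for illustration.

```python
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    line_no: int                  # 1-based line number of the indented line
    section: Optional[str]        # section the line falls in, e.g. "repo:/"
    previous_rule: Optional[str]  # rule the parser would attach the line to


def lint_authz(text: str) -> List[Finding]:
    """Flag indented lines containing '=' in an authz file.

    Assumption: an indented line is read as a continuation of the previous
    rule's value, so an indented "user=rw" puts '=' into that rule and the
    whole AuthzSVNAccessFile fails to load.
    """
    findings: List[Finding] = []
    section: Optional[str] = None
    previous_rule: Optional[str] = None
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        if line[0] in " \t":
            if "=" in line:
                findings.append(Finding(line_no, section, previous_rule))
            continue
        if line.startswith("[") and line.rstrip().endswith("]"):
            section = line.strip()[1:-1]
            previous_rule = None
            continue
        if "=" in line:
            previous_rule = line.split("=", 1)[0].strip()
    return findings


# Constructed sample: line 6 has the leading space described in step 2.
SAMPLE = """\
[groups]
devs = abcd, efgh

[repo:/]
abcd = rw
 user=rw
@devs = r
"""

if __name__ == "__main__":
    for f in lint_authz(SAMPLE):
        print(f"line {f.line_no}: indented rule in [{f.section}] "
              f"would be merged into rule '{f.previous_rule}'")
```

Running this against the authz file before it is put in place catches the indented line while the previous, working file is still being served.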

