Bug#336373: subversion: svn MKCOL ssl error
Package: subversion Version: 1.2.3dfsg1-3 Severity: grave G'day. I have run into a problem where I can't commit a change to my subversion repository via HTTP/SSL. The problem seems identical to the one described in this bug report, but my issues continue despite running the version that claims to have fixed the problem. The server is running an up-to-date version of unstable as well, and I have verified that the same version of subversion and all appropriate modules are installed and running on both sides. The error I see is: svn: Commit failed (details follow): svn: MKCOL of '/svn/general/!svn/wrk/6796d7ea-5b09-0410-9cde-b6775cbebef8/debian/perl/librose-html-objects-perl-0.32/lib/Rose': SSL negotiation failed: SSL error: decryption failed or bad record mac (https://digital-infrastructure.com.au) There are, annoyingly enough, no errors at all in the Apache logs on the server side, which makes tracking this down much more annoying. The commit in question is fairly large, as it adds 8.2MB of files, representing 662 individual files. Other commits seem to work just fine, but they are much smaller. I have run into this once before -- but it was a much smaller commit, a long time ago, and not at all reproducible. At the time I couldn't identify any particular cause... I wonder if perhaps this is some sort of SSL renegotiation bug that triggers when submitting a sufficiently large commit or something? Daniel -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Versions of packages subversion depends on: ii db4.3-util 4.3.29-3 Berkeley v4.3 Database Utilities ii libapr02.0.55-3 the Apache Portable Runtime ii libc6 2.3.5-9 GNU C Library: Shared libraries an ii libneon24 0.24.7.dfsg-3 An HTTP and WebDAV client library ii libsvn01.2.3dfsg1-3 shared libraries used by Subversio ii patch 2.5.9-2 Apply a diff file to an original subversion recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336373: subversion: svn MKCOL ssl error
Hi, On Wed, 9 Nov 2005 06:00:01 -0600 Peter Samuelson <[EMAIL PROTECTED]> wrote: > Can you please retest with my packages at > http://p12n.org/tmp/svn-336373/ ? I've tested them, and I've been able to import the whole uClibc source code through https:// without any problem (while it was previously failing after a couple of files). So I think it's fixed. BTW, your Packages.gz doesn't match the packages themselves: it contains wrong sizes. Thanks for the bug fix ! Sincerly, Thomas -- PETAZZONI Thomas - [EMAIL PROTECTED] http://{thomas,sos,kos}.enix.org - Jabber: [EMAIL PROTECTED] http://{agenda,livret}dulibre.org - http://www.toulibre.org Fingerprint : 0BE1 4CF3 CEA4 AC9D CC6E 1624 F653 CB30 98D3 F7A7 pgp1F9Z2v3QtI.pgp Description: PGP signature
Bug#336373: subversion: svn MKCOL ssl error
[Sven-Haegar Koch] > Having had the same problem, your test-packages recompiled locally > (just decreased the version number, I want the official one to > upgrade the test one when its released) fixes it for me. Great! We'll close the bug on the next upload, then, unless Thomas reports that this actually isn't fixed. > Thanks a lot. Thank you for the testing! Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
Peter Samuelson wrote: I came up with several ways around this - the latest is to use libneon24 but *not* link libssl0.9.8. There was never any reason for us to link to openssl at all; this was a packaging bug. Can you please retest with my packages at http://p12n.org/tmp/svn-336373/ ? Having had the same problem, your test-packages recompiled locally (just decreased the version number, I want the official one to upgrade the test one when its released) fixes it for me. Thanks a lot. c'ya sven -- The Internet treats censorship as a routing problem, and routes around it. (John Gilmore on http://www.cygnus.com/~gnu/) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#336373: subversion: svn MKCOL ssl error
[Peter Samuelson] > Oh, doh! /usr/bin/svn will not use libneon25, so that accomplished > nothing. I came up with several ways around this - the latest is to use libneon24 but *not* link libssl0.9.8. There was never any reason for us to link to openssl at all; this was a packaging bug. Can you please retest with my packages at http://p12n.org/tmp/svn-336373/ ? Thanks! Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
[Peter Samuelson] > Oh, doh! /usr/bin/svn will not use libneon25, so that accomplished > nothing. > > I'll build a new set of packages that use libneon25 instead Well, now I see why Debian ships both neon24 and neon25. subversion won't yet compile against neon25, and I don't have the time or inclination right now to hack it so it does. Laszlo, could you provide a libneon24{,-dev} compiled against ssl0.9.8, please? Thanks, Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
[Thomas Petazzoni] > > Since you have a ready test case for this, can you try the neon > > package at > > http://www.barcikacomp.hu/deb/libneon25_0.25.4.dfsg-1_i386.deb, as > > mentioned in Bug #335574? > > With a Debian sid updated yesterday and your package, it still doesn't > work: Oh, doh! /usr/bin/svn will not use libneon25, so that accomplished nothing. I'll build a new set of packages that use libneon25 instead, and place them in http://p12n.org/tmp/svn-336373/ for you to download. The files should be there within about 2 hours. Can you test this again with those packages? Thanks, Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
Hi, On Sun, 6 Nov 2005 13:47:01 -0600 Peter Samuelson <[EMAIL PROTECTED]> wrote: > Since you have a ready test case for this, can you try the neon > package at > http://www.barcikacomp.hu/deb/libneon25_0.25.4.dfsg-1_i386.deb, as > mentioned in Bug #335574? With a Debian sid updated yesterday and your package, it still doesn't work: svn: PUT of '/svn/thomas/!svn/wrk/6e5a851d-1305-0410-a907-edefcced848f/sos-uclibc/trunk/test/setjmp/setjmp_test.c': SSL negotiation failed: SSL error: decryption failed or bad record mac (https://ssl.bulix.org) Sincerly, Thomas -- PETAZZONI Thomas - [EMAIL PROTECTED] http://{thomas,sos,kos}.enix.org - Jabber: [EMAIL PROTECTED] http://{agenda,livret}dulibre.org Fingerprint : 0BE1 4CF3 CEA4 AC9D CC6E 1624 F653 CB30 98D3 F7A7 signature.asc Description: PGP signature
Bug#336373: subversion: svn MKCOL ssl error
[Thomas Petazzoni] > Maybe it's a problem around libneon24 (linked against openssl0.9.7) > and the fact that subversion is linked against openssl 0.9.8. Since you have a ready test case for this, can you try the neon package at http://www.barcikacomp.hu/deb/libneon25_0.25.4.dfsg-1_i386.deb, as mentioned in Bug #335574? Thanks, Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
First, apologies for the delayed response - I didn't get the BTS mail until the other day, possibly because of the known mail backlog affecting certain Debian services. > svn: MKCOL of > '/svn/thomas/!svn/wrk/b82d4a0a-4a04-0410-8ac2-c33f329d32ff/uclibc-sos/trunk/test/string': > Could not read status line: SSL error: decryption failed or bad record > mac (https://ssl.bulix.org) I don't have an https server handy, so I can't test this right away - I'll try and get to it in the next couple of days. But grepping the subversion source, I don't see that error string anywhere, which makes me think it is indeed something internal to libneon. I'll check the libneon source as soon as I get a bit of time, and reassign this bug if necessary. > Maybe it's a problem around libneon24 (linked against openssl0.9.7) > and the fact that subversion is linked against openssl 0.9.8. Yes, quite possibly. I wonder if bazaar exhibits a similar bug, since it's in the same situation. No such bug has been reported ... but maybe nobody uses baz with https. (: Thanks for the report, Peter signature.asc Description: Digital signature
Bug#336373: subversion: svn MKCOL ssl error
Package: subversion Version: 1.2.3dfsg1-2 Severity: grave Justification: renders package unusable Hi, While trying to import files inside a Subversion repository accessed through https, I get the following error, fully reproducible (everytime on the same directory): svn: MKCOL of '/svn/thomas/!svn/wrk/b82d4a0a-4a04-0410-8ac2-c33f329d32ff/uclibc-sos/trunk/test/string': Could not read status line: SSL error: decryption failed or bad record mac (https://ssl.bulix.org) Maybe it's a problem around libneon24 (linked against openssl0.9.7) and the fact that subversion is linked against openssl 0.9.8. Sincerly, Thomas -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-rc4 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages subversion depends on: ii db4.2-util 4.2.52-20 Berkeley v4.2 Database Utilities ii libapr02.0.55-3 the Apache Portable Runtime ii libc6 2.3.5-7 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-20 Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.8-3 XML parsing C library - runtime li ii libldap2 2.1.30-12 OpenLDAP libraries ii libneon24 0.24.7.dfsg-2 An HTTP and WebDAV client library ii libssl0.9.80.9.8a-2 SSL shared libraries ii libsvn01.2.3dfsg1-2 shared libraries used by Subversio ii libxml22.6.22-1 GNOME XML library ii patch 2.5.9-2 Apply a diff file to an original ii zlib1g 1:1.2.3-6 compression library - runtime subversion recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]