Re: [BUG] "svn propedit" loses changes in case of a network failure

2022-09-17 Thread Vincent Lefevre 
On 2022-09-18 01:41:38 +0200, Vincent Lefevre wrote:
> With svn 1.14.2 under Debian/unstable, I wanted to edit a log message
> with
> 
>   svn pe --revprop svn:log -r 151946
> 
> (not just a minor change, I was replacing text by a much longer text),
> but got an immediate error from SSH:

Note: after quitting the editor.

FYI, this means that Subversion is vulnerable to a remote attack.
Here are the details. The logs of my server show:

Sep 18 01:24:09 joooj sshd[141287]: error: kex_exchange_identification: 
Connection closed by remote host
Sep 18 01:24:09 joooj sshd[141287]: Connection closed by 197.5.145.64 port 58377
Sep 18 01:24:10 joooj sshd[615]: error: beginning MaxStartups throttling
Sep 18 01:24:10 joooj sshd[615]: drop connection #10 from [197.5.145.64]:58387 
on [155.133.131.76]:22 past MaxStartups

This "beginning MaxStartups throttling" was due to 197.5.145.64 only,
but this means that all the other IP addresses that attempt to
connect are concerned. There is protection by fail2ban, but it works
by looking at the logs, meaning that it takes a few seconds to react:

2022-09-18 01:24:11,513 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,514 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,539 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,540 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,568 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,569 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,569 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,592 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,592 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,608 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,636 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,663 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,697 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,698 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,698 fail2ban.actions[603]: NOTICE  [sshd] Ban 
197.5.145.64
2022-09-18 01:24:11,742 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,963 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,966 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,966 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:13,972 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,972 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,973 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,974 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,975 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,975 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,978 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,979 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,981 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,982 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,983 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,984 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,985 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,986 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,987 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,988 fail2ban.filter [603]: INFO[sshd] Found 
197.5.145.64 - 2022-09-18 01:24:13

[BUG] "svn propedit" loses changes in case of a network failure

2022-09-17 Thread Vincent Lefevre 
With svn 1.14.2 under Debian/unstable, I wanted to edit a log message
with

  svn pe --revprop svn:log -r 151946

(not just a minor change, I was replacing text by a much longer text),
but got an immediate error from SSH:

kex_exchange_identification: read: Connection reset by peer
Connection reset by 155.133.131.76 port 22
svn: E170013: Unable to connect to a repository at URL 'svn+ssh://mysvn'
svn: E210002: To better debug SSH connection problems, remove the -q option 
from 'ssh' in the [tunnels] section of your Subversion configuration file.
svn: E210002: Network connection closed unexpectedly

Subversion apparently does not keep a copy of the text (contrary to
the case of a commit, which leaves a svn-commit.tmp file), so the
whole new text was lost!!!

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)