Bug#884096: subversion: "svn+ssh:": Too many authentication failures

Mon, 11 Dec 2017 03:39:28 -0800 

Package: subversion
Version: 1.9.7-3
Severity: grave
Justification: renders package unusable

Just after the upgrade to 1.9.7-3, "svn+ssh:" is now unusable,
at least with some servers. This is a major regression.

Before the upgrade, on the server side:

Dec 11 12:16:28 joooj sshd[12206]: Postponed publickey for svn from 
140.77.13.17 port 36508 ssh2 [preauth]
Dec 11 12:16:28 joooj sshd[12206]: Accepted publickey for svn from 140.77.13.17 
port 36508 ssh2: RSA SHA256:SesJlF53vo9BluX48f4cBF+NnHhzpgQRqXa629zs6P0
Dec 11 12:16:28 joooj sshd[12206]: pam_unix(sshd:session): session opened for 
user svn by (uid=0)
Dec 11 12:16:28 joooj svnserve: DIGEST-MD5 common mech free
Dec 11 12:16:28 joooj sshd[12213]: Received disconnect from 140.77.13.17 port 
36508:11: disconnected by user
Dec 11 12:16:28 joooj sshd[12213]: Disconnected from 140.77.13.17 port 36508
Dec 11 12:16:28 joooj sshd[12206]: pam_unix(sshd:session): session closed for 
user svn

After the upgrade, on the server side:

Dec 11 12:18:52 joooj sshd[12242]: error: maximum authentication attempts 
exceeded for svn from 140.77.13.17 port 38542 ssh2 [preauth]
Dec 11 12:18:52 joooj sshd[12242]: Disconnecting: Too many authentication 
failures [preauth]

Note: openssh-client is still the same version, so that what seems to
trigger the failure is the subversion upgrade.

I'll try to downgrade...

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages subversion depends on:
ii  libapr1        1.6.3-1
ii  libaprutil1    1.6.1-1
ii  libc6          2.25-3
ii  libldap-2.4-2  2.4.45+dfsg-1
ii  libsasl2-2     2.1.27~101-g0780600+dfsg-3
ii  libsvn1        1.9.7-3

subversion recommends no packages.

Versions of packages subversion suggests:
pn  db5.3-util          <none>
pn  libapache2-mod-svn  <none>
ii  patch               2.7.5-1+b2
ii  subversion-tools    1.9.7-3

-- no debconf information

Reply via email to