Package: libapache2-svn
Version: 1.4.2dfsg1-2
Severity: important

The apache2 module for SVN DAV access has an unusual problem regarding
whitespace at the beginning of a username in the authorization file. The
conditions are as such:
1: A valid authz file is present and apache is freshly restarted
2: A line is added to some group, anywhere in the file, with a space at
   the beginning, eg. " user=rw".
 * Apache will now disallow all users access to any repository
3: The line is altered to remove the offending space, eg. change line to
   "user=rw"
 * Apache will now allow normal access to all users/repositories
4: Re-add the space at the beginning of the formerly-bad line, eg.
   change back to " user=rw"
 * Apache will now allow normal access, although the file is in an
   identical state to step #2

The error given is:
        Failed to load the AuthzSVNAccessFile: The character '=' in rule
        'abcd' is not allowed in authz rules
where "abcd" is the username preceding the offending line " user=rw".

The important nature of this bug is that it disallows all repository
access when in step #2, which is how I found it. It is some stateful
nature of the file parser, which is certainly confusing to users.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libapache2-svn depends on:
ii  apache2.2-common            2.2.3-3.1    Next generation, scalable, extenda
ii  libc6                       2.3.6.ds1-7  GNU C Library: Shared libraries
ii  libsvn1                     1.4.2dfsg1-2 Shared libraries used by Subversio

libapache2-svn recommends no packages.

-- no debconf information
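
An added example, not part of the original report or of Subversion itself: a check to run before deploying an authz file, flagging any line that begins with whitespace. The reported failure denies all repository access and the error names the preceding rule rather than the offending line, so the check reports both. The function names and the sample file are constructed for illustration.

```python
import sys

# Constructed sample: the layout from the report, with " user=rw" after "abcd".
SAMPLE_AUTHZ = (
    "[groups]\n"
    "devs = abcd, user\n"
    "\n"
    "[repo:/]\n"
    "abcd=rw\n"
    " user=rw\n"
    "# trailing comment\n"
)


def find_leading_whitespace(text):
    """Return (line_no, line, previous_rule) for each indented non-blank line."""
    findings = []
    previous_rule = None
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank or whitespace-only lines are not reported
        if line[0] in " \t":
            findings.append((line_no, line, previous_rule))
            continue
        if line[0] == "[":
            previous_rule = None  # a new section starts; no rule precedes yet
            continue
        if line[0] == "#":
            continue  # comment line
        # The name left of '=' is what the Apache error message quotes.
        previous_rule = line.split("=", 1)[0].strip()
    return findings


def check_file(path):
    """Lint one authz file; return 0 if clean, 1 if any finding."""
    with open(path, encoding="utf-8") as handle:
        findings = find_leading_whitespace(handle.read())
    for line_no, line, rule in findings:
        print("%s:%d: leading whitespace in %r (follows rule %r)"
              % (path, line_no, line, rule))
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(max(check_file(p) for p in sys.argv[1:]))
    print(find_leading_whitespace(SAMPLE_AUTHZ))
```

Run it with one or more authz file paths as arguments; a non-zero exit status means at least one file has an indented line and should not be deployed as is.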

