Package: subversion Version: 1.4.2dfsg1-2 Severity: normal
When adding a file with an option-like name touch -- -foo svn add -- -foo svn ci -m "Adding -foo" I get the following error: Transmitting file data ............svn: Commit succeeded, but other errors follow: svn: Error bumping revisions post-commit (details follow): svn: In directory '<snip>' svn: Error processing command 'committed' in '<snip>' svn: Error replacing text-base of '-foo' svn: Can't change perms of file '<snip>/-foo': No such file or directory Seems like just a '--' missing in a chmod invokation, so I'm reporting although I couldn't reproduce it again. After that, the working copy got locked, and any attempt at svn cleanup just resulted in svn: In directory '.' svn: Error processing command 'committed' in '.' svn: Error replacing text-base of '-foo' svn: Can't change perms of file '-foo': No such file or directory The commit made it in, though, and an independant checkout afterwards works fine, too. I'm not a security researcher, so I have no clue about whether and if so how this could be exploited, but it feels fishy. Thanks, Marc -- System Information: Debian Release: 4.0 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.24-etchnhalf.1-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages subversion depends on: ii libapr1 1.2.7-8.2 The Apache Portable Runtime Librar ii libc6 2.3.6.ds1-13etch9 GNU C Library: Shared libraries ii libsvn1 1.4.2dfsg1-2 Shared libraries used by Subversio subversion recommends no packages. -- no debconf information -- Marc Mutz - m...@kdab.com, m...@kde.org - Klarälvdalens Datakonsult AB Platform-independent software solutions - www.kdab.com i...@kdab.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
