Re: We need to release 1.0.9 and 1.1.1 with r11211 ASAP

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: 2004-10-04 18:54:22 CEST

Tobias Ringström wrote:
> The security fixes introduced in 1.0.8 and 1.1.0-rc4 made RA->get_dir
> (and therefore "svn ls") over ra_dav "glacially slow" (as someone
> described it on users@). For a simple test case of mine, an ls of 412
> files that used to take 1.5 s now took around six minutes, i.e. it's 240
> times slower, but it could be a lot slower still depending on the
> circumstances. This is a showstopper performance regression for many users.

I agree.

> Luckily, a fix is available, but we need to get new versions out ASAP.
> (Unfortunately it will be difficult in some cases to get the fix out
> because vendors may have included the security fix (which caused the
> problem), but they may not include r11211 automatically because it's not
> a security fix.)
> So, please head over to STATUS for both 1.0.x and 1.1.x and review and
> vote!

The bulk of this fix may well be right, but this bit will stop me approving it:

+ /* Check if we have access to this path and return NOTDEF if
+ we don't. */
+ arb.r = resource->info->r;
+ arb.repos = resource->info->repos;
+ serr = dav_svn_authz_read(&allowed,
+ resource->info->root.root,
+ resource->info->repos_path,
+ &arb, p);
+ if (serr)
+ {
+ /* ### what to do? */
+ svn_error_clear(serr);
+ value = "###error###";
+ break;
+ }
+ if (! allowed)
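
Review bot: the `if (serr)` branch throws away the error from dav_svn_authz_read() with svn_error_clear() and substitutes the placeholder string "###error###", so a failed authorization check is neither reported nor explicitly handled as a denial, and the `/* ### what to do? */` comment shows the policy is still undecided. The comment above the call says the code returns NOTDEF when access is not allowed, but the error path takes a different route from the `! allowed` path. Suggest picking the failure behaviour deliberately: either surface the error to the caller or log, or treat a failed check the same as `! allowed` so the property is withheld, and then remove the "###" marker and the placeholder value.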

To me, the "###" bits say, "Something went wrong with authorization, and we're not sure what to do about it, but, with a bit of luck, this might work."

Excuse me for being so blunt, but please figure out the correct thing to do, and do it.

- Julian

Received on Mon Oct 4 19:01:22 2004

This is an archived mail posted to the Subversion Dev mailing list.