Tobias Ringström wrote:
> The security fixes introduced in 1.0.8 and 1.1.0-rc4 made RA->get_dir
> (and therefore "svn ls") over ra_dav "glacially slow" (as someone
> described it on users@). For a simple test case of mine, an ls of 412
> files that used to take 1.5 s now took around six minutes, i.e. it's 240
> times slower, but it could be a lot slower still depending on the
> circumstances. This is a showstopper performance regression for many users.
I agree.
> Luckily, a fix is available, but we need to get new versions out ASAP.
> (Unfortunatelly it will be difficult in some cases to get the fix out
> because vendors may have included the security fix (which caused the
> problem), but they may not include r11211 automatically because it's not
> a securiy fix.)
>
> So, please head over to STATUS for both 1.0.x and 1.1.x and review and
> vote!
The bulk of this fix may well be right, but this bit will stop me approving it:
+ /* Check if we have access to this path and return NOTDEF if
+ we don't. */
+ arb.r = resource->info->r;
+ arb.repos = resource->info->repos;
+ serr = dav_svn_authz_read(&allowed,
+ resource->info->root.root,
+ resource->info->repos_path,
+ &arb, p);
+ if (serr)
+ {
+ /* ### what to do? */
+ svn_error_clear(serr);
+ value = "###error###";
+ break;
+ }
+ if (! allowed)
+ return DAV_PROP_INSERT_NOTDEF;
To me, the "###" bits say, "Something went wrong with authorization, and we're not sure what to do about it, but, with a bit of luck, this might work."
Excuse me for being so blunt, but please figure out the correct thing to do, and do it.
- Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Oct 4 19:01:22 2004