[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1242608 - /subversion/branches/1.7.x/STATUS

From: Daniel Shahaf <danielsh_at_elego.de>
Date: Fri, 10 Feb 2012 05:54:09 +0200

I'd argue that it matters for any long-lived client. That includes all
GUI clients, and even Python:

% python
>>> from math import *
>>> x = (pi+e)/2.0
>>> from svn import *
>>> client.checkout3("https://github.com/foo/bar")
Aborted (core dumped)
%

Greg Stein wrote on Thu, Feb 09, 2012 at 22:47:00 -0500:
> Hrm. Yeah... I guess for a Windows shell extension, that is a significant
> distinction.
>
> Thx
> -g
> On Feb 9, 2012 10:39 PM, "Daniel Shahaf" <danielsh_at_elego.de> wrote:
>
> > Old code allows malicious servers to abort() the process libsvn is
> > linked to, new code doesn't.
> >
> > Greg Stein wrote on Thu, Feb 09, 2012 at 22:14:39 -0500:
> > > DoS? With the old code: the client died. With the new code: the client
> > > dies. No change that I'm aware of, other than a nicer error message.
> > >
> > > It seems the justification would be, "nicer error message" rather than
> > > anything about DoS.
> > >
> > > Cheers,
> > > -g
> > > On Feb 9, 2012 6:46 PM, <danielsh_at_apache.org> wrote:
> > >
> > > > Author: danielsh
> > > > Date: Thu Feb 9 23:46:06 2012
> > > > New Revision: 1242608
> > > >
> > > > URL: http://svn.apache.org/viewvc?rev=1242608&view=rev
> > > > Log:
> > > > Nominate r1242607.
> > > >
> > > > Modified:
> > > > subversion/branches/1.7.x/STATUS
> > > >
> > > > Modified: subversion/branches/1.7.x/STATUS
> > > > URL:
> > > >
> > http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1242608&r1=1242607&r2=1242608&view=diff
> > > >
> > > >
> > ==============================================================================
> > > > --- subversion/branches/1.7.x/STATUS (original)
> > > > +++ subversion/branches/1.7.x/STATUS Thu Feb 9 23:46:06 2012
> > > > @@ -85,6 +85,13 @@ Candidate changes:
> > > > Votes:
> > > > +1: philip
> > > >
> > > > + * r1242607
> > > > + Convert ra_serf assertions to errors.
> > > > + Justification:
> > > > + Malicious server can DoS clients.
> > > > + Votes:
> > > > + +1: danielsh
> > > > +
> > > > Veto-blocked changes:
> > > > =====================
> > > >
> > > >
> > > >
> > > >
> >
Received on 2012-02-10 04:55:03 CET

This is an archived mail posted to the Subversion Dev mailing list.