Authz on Collection of Repositories (was: Expansion of authz policy name leak)

There was a discussion in April 2010 regarding the "fix" for issue 2753. http://svn.haxx.se/dev/archive-2010-04/0277.shtml Unfortunately the discussion died due to lack of other opinions. I think Mike had some very important input here and I believe that this concluding statement is incorrect:

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

To clarify what this issue is about: Subversion 1.7 leaks repository names when configured with SVNListParentPath and AuthzSVNAccessFile. It might have been unintentional, but with Subversion 1.6 (and earlier) it was possible to control access to the repository list (Collection of Repositories)

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

On 23 okt 2012, at 14:22, roderich.sch...@gmail.com wrote: > I'm working on the patch to list only readable repositories. There is > already TODO comment in the code by cmpilato: > subversion\mod_dav_svn\repos.c:3461 > Thanks Ivan for looking into it. Let's see if it is feasible to address.

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

On 24 okt 2012, at 15:37, Roderich Schupp wrote: > On Wed, Oct 24, 2012 at 6:09 AM, Daniel Shahaf > wrote: >> Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200: >>> I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/' >> Since I didn't pass -u, in both cases I was b

Re: Authz on Collection of Repositories

Thanks Ivan for your work. I have very little experience with the svn codebase so my review is probably not very valuable. Anyway. looks good to me. I have meant to set up a test server with our reference configuration to validate the patch under realistic circumstances. Unfortunately, the SLES

Re: Authz on Collection of Repositories

On 5 nov 2012, at 09:11, Branko Čibej wrote: > On 05.11.2012 00:21, Thomas Åkesson wrote: >> I did some tests with curl --head just as a sanity check. It seems to be a >> good choice for access control. I primarily wanted to see that HEAD requests >> were not allowed in si

Re: Authz on Collection of Repositories

On 5 nov 2012, at 00:21, Thomas Åkesson wrote: > > I have meant to set up a test server with our reference configuration to > validate the patch under realistic circumstances. Unfortunately, the SLES > activation servers have been down for several hours (we don't have dev t

Re: [RFC] Non-normalizing Unicode Composition Awareness

Revisiting this thread after a few months. Last spring, I did some work in the Wiki designing a proposal for resolving the Mac Unicode issues in a Non-normalizing manner. I ran out of time, but the thought process has been ongoing. A couple of weeks ago at Subversion Live in London, I had the o

Re: [RFC] Non-normalizing Unicode Composition Awareness

On 9 nov 2012, at 14:28, "C. Michael Pilato" wrote: > On 11/09/2012 07:49 AM, Branko Čibej wrote: >> On 09.11.2012 12:28, Thomas Åkesson wrote: >> I'm currently doing the grunt work of implementing the collation (done) >> and the LIKE and GLOB operators tha

Re: Content-Length in HEAD responses

Thanks Justin for clarifying. On 10 nov 2012, at 12:54, Justin Erenkrantz wrote: > On Sat, Nov 10, 2012 at 6:49 AM, Justin Erenkrantz > wrote: > There is a C-L header...so, I don't know what the original poster is seeing, > but we're already doing the right thing... -- justin > > I bet the OP

Re: Authz on Collection of Repositories

On 9 nov 2012, at 18:45, Ivan Zhakov wrote: > On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson > wrote: >> >> Parentpath on /svn/ and Satisfy Any: >> >> - Access without auth displays repositories with anonymous access, auth is >> not requested. >>

Re: Authz on Collection of Repositories

On 14 nov 2012, at 11:53, Ivan Zhakov wrote: >>> >>> Confirmed as far as my testing goes (did not test short_circuit). I suggest >>> committing the patch with GET subrequest and potentially change all to >>> HEAD in a separate commit if there is consensus. >> Committed in r1408184. > I doubt abo

Re: fork/exec for hooks scripts with a large FSFS cache

On 14 nov 2012, at 01:44, Daniel Shahaf wrote: > Philip Martin wrote on Tue, Nov 13, 2012 at 21:30:00 +: >> Perhaps we could start up a separate hook script process before >> allocating the large FSFS cache and then delegate the fork/exec to that >> smaller process? > > If so, let's have that

Re: Authz on Collection of Repositories

Hi Ivan, I committed to drafting some change notes for this change quite some time ago. - Below is a draft of a section to include in Release Notes. I suggest just after "In repository authz". - Patch contains line for CHANGES - Patch contains clarification and new example for mod_authz_svn

Re: Authz on Collection of Repositories

On 16 jan 2013, at 20:15, C. Michael Pilato wrote: > On 01/16/2013 01:54 PM, Thomas Åkesson wrote: >> Hi Ivan, >> >> I committed to drafting some change notes for this change quite some time >> ago. >> >> - Below is a draft of a section to include in Rel

Re: Authz on Collection of Repositories

On 16 jan 2013, at 20:44, C. Michael Pilato wrote: > On 01/16/2013 02:27 PM, Thomas Åkesson wrote: >> >> On 16 jan 2013, at 20:15, C. Michael Pilato wrote: >> >>> On 01/16/2013 01:54 PM, Thomas Åkesson wrote: >>>> Hi Ivan, >>>> >>

Re: svn commit: r1408325 - /subversion/branches/wc-collate-path/subversion/libsvn_subr/sqlite.c

First of all, I am really sorry that I did not observe this thread while ongoing. Due to time constraints, my contributions to Subversion happens now and then. I have spent quite a bit of time writing the wiki pages, experimenting, and discussing with the people who have shown interest (Branko,

Re: Functional and UI spec for local moves

On 17 jan 2013, at 20:59, Julian Foad wrote: > Ben and I recently started producing a functional and UI spec for local moves: > > I think the table in the wiki provides a well needed overview. If nothing else, it demonstrates the the amount of po

Re: svn commit: r1408325 - /subversion/branches/wc-collate-path/subversion/libsvn_subr/sqlite.c

On 23 jan 2013, at 02:32, Ben Reser wrote: > On Sun, Jan 20, 2013 at 12:15 PM, Thomas Åkesson wrote: >> I have spent quite a bit of time writing the wiki pages, experimenting, and >> discussing with the people who have shown interest (Branko, Julian, Ben and >> a couple o

Re: [RFC] Server Dictated Configuration

Hi all, First of all, thanks for working on server dictated config and inherited properties. We use Subversion as the core of a Document CMS (with focus on structured XML authoring). Some of the components we develop are available as open-source: http://repossearch.com/ We would be absolutely

Re: Let's discuss about unicode compositions for filenames!

Hi, I have been interested in this issue for a couple of years and I remember it was discussed briefly at Subconf in Germany a couple of years ago. Branching the thread here because I'd like to propose a different approach than Hiroaki. This proposition is not very different from the note "uni

Re: Let's discuss about unicode compositions for filenames!

On 11 feb 2012, at 13:10, Hiroaki Nakamura wrote: > Hi, > > 2012/2/9 Thomas Åkesson : >> Hi, >> I have been interested in this issue for a couple of years and I remember it >> was discussed briefly at Subconf in Germany a couple of years ago. >> >> Bra

Re: Let's discuss about unicode compositions for filenames!

On 12 feb 2012, at 16:59, Stefan Sperling wrote: > On Sun, Feb 12, 2012 at 04:47:45PM +0100, Thomas Åkesson wrote: >> Would it make sense to formalize the different approaches into a >> couple of RFCs attempting to summarize the respective implications of >> each approach?

[RFC] Non-normalizing Unicode Composition Awareness (was: Let's discuss about unicode compositions for filenames!)

Title: Non-normalizing Unicode Composition Awareness Version: 0.1 (2012-02-14) Context === Within Unicode, some characters can in the unicode standard be represented in 2 different ways (composed/decomposed), while rendered equally on screen or in print. A unicode string (e.g. a file name) can

Re: {SPAM 03.5} Re: [RFC] Non-normalizing Unicode Composition Awareness

; into the wiki. If you find that this first draft shows promise, please consider granting edit access in the wiki. My user name is "Thomas Åkesson", which exercises the Unicode awareness of MoinMoin... /Thomas Å. On 14 feb 2012, at 11:25, Julian Foad wrote: > Hi Thomas. It&

Re: Compressed Pristines (Design Doc)

Hi Ash, I noticed that "Remove pristine store or render optional" is considered a Non-Goal. If changes are made to wc-db in order to manage compressed pristines, it might make sense to ensure that the design can also handle optional pristines in the future. The typical Subversion use case (cod

Re: [RFC] Non-normalizing Unicode Composition Awareness

x27;ve granted you write access to the wiki. > > Thomas Åkesson wrote on Tue, Feb 14, 2012 at 12:36:23 +0100: >> Thanks Julian and Markus for providing feedback. >> >> I am not commenting below because all the feedback is very good and I will >> try to address it as

Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

On 6 apr 2012, at 16:05, "C. Michael Pilato" wrote: > On 04/05/2012 10:33 PM, Greg Stein wrote: >>> If not, any suggestions on where the master passphrase fetch/store >>> bits might best fit in? >> >> A new callback. But you definitely need a DSO option so core svn does not >> have GNOME/KDE de

Re: Ev2 and Authz

On 16 apr 2012, at 15:12, C. Michael Pilato wrote: > On 04/14/2012 11:00 AM, Hyrum K Wright wrote: >> Good morning (in some parts of the world)! >> >> I've been doing some poking around with Ev2 and copy operations on the >> ev2-export branch, and have some observations which merit discussion. >

Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

On 16 apr 2012, at 16:43, C. Michael Pilato wrote: > On 04/15/2012 03:45 PM, Thomas Åkesson wrote: >>> You are correct. Today we have DSO options for GNOME/KDE, and simple >>> #if-wrapping for Win32 and MacOS. GPG Agent doesn't have the >>> lib/heavy deps

Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

On 16 apr 2012, at 20:05, "C. Michael Pilato" wrote: > On 04/16/2012 12:33 PM, Thomas Åkesson wrote: >> Personally, the feature to manually move/copy the encrypted store is >> definitely useful, but I do consider some other features of the >> Desktop-integrated

Re: svn commit: r1326696 - in /subversion/trunk/subversion/libsvn_client: add.c client.h commit.c copy.c delete.c prop_commands.c util.c

On 17 apr 2012, at 02:26, Hyrum K Wright wrote: > On Mon, Apr 16, 2012 at 5:22 PM, Greg Stein wrote: >> On Mon, Apr 16, 2012 at 18:04, Stefan Sperling wrote: >>> >>> At the very least, you must compare the URL of the node at the calculated >>> local_abspath to the original node_url. If they do

Re: [RFC] Non-normalizing Unicode Composition Awareness

he WC and preferably get some idea on what the community thinks about the approach. /Thomas Å. On 26 mar 2012, at 04:14, Thomas Åkesson wrote: > Hi, > Sorry about the delay, had a release to sort out... > > I have moved the proposal into the wiki: > http://w

Re: Ev2 and Authz

On 17 apr 2012, at 11:47, Julian Foad wrote: > Thomas Åkesson wrote: > >> I have not had time to follow the Inherited Properties thread completely, >> but >> this is kind of related. One could argue that if a user knows about the URL >> to >> /A/B/C/D,

Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

On 17 apr 2012, at 21:26, "C. Michael Pilato" wrote: > On 04/16/2012 09:53 PM, Thomas Åkesson wrote: > >> I would like to see a non-graphical implementation of the Secret Service >> API with a solid CLI. That would merit a project in itself, separate from >> S

Re: [RFC] Non-normalizing Unicode Composition Awareness

rk around the "irreversible problem". It would also be useful if someone could point me to where in the WC code the conversion from UTF-8 to locale encoding is performed. Thanks! /Thomas Å. On 17 apr 2012, at 05:24, Thomas Åkesson wrote: > Hi, > A bit of a status update on

Re: man pages for Subversion

Hi Julian et al, I think your XML approach is the way to go in order to fulfill current and future requirements. A single source to keep updated is vital. XML is an ideal source format for HTML, PDF while plaintext (svn help), man etc should be no problems to sort out with XSLT. I was unable t

Re: Syntax for templated SVNPath

On 9 aug 2013, at 17:52, C. Michael Pilato wrote: > Put simply, CollabNet wants to start using dynamic virtual hosting with > Apache HTTP Server in one of our offerings in order to avoid adding a > literal block for every single virtual host on the system. First of all, I like this enhancement

Re: man pages for Subversion

On 14 aug 2013, at 20:47, Mattias Engdegård wrote: > 12 aug 2013 kl. 12.38 skrev Julian Foad: > >> Hi James. I have one thing to throw into the mix, which you might be >> interested in looking at. I experimented a few months ago with generating >> both the C help strings and man pages from

Re: Syntax for templated SVNPath

On 14 aug 2013, at 03:25, Ben Reser wrote: > On 8/13/13 4:41 PM, Thomas Åkesson wrote: >> To make this enhancement complete, I believe all settings that take a >> "directory-path" should be handled identically (allow the templating). To >> me, the most obvious

Re: svn commit: r1546619 - /subversion/branches/fsfs-ucsnorm/BRANCH-README

On 29 nov 2013, at 21:09, Branko Čibej wrote: > On 29.11.2013 20:42, Ivan Zhakov wrote: >> On 29 November 2013 22:22, wrote: >>> Author: brane >>> Date: Fri Nov 29 18:22:00 2013 >>> New Revision: 1546619 >>> >>> URL: http://svn.apache.org/r1546619 >>> Log: >>> * branches/fsfs-ucsnorm/BRANCH-R

Re: svn commit: r1546619 - /subversion/branches/fsfs-ucsnorm/BRANCH-README

On 8 dec 2013, at 10:56, Branko Čibej wrote: >> You might remember from back when I did some specification work (in the >> wiki) that I am a strong proponent of the "normalization-preserving" >> approach to the problem. I believe n-p makes many issues dealing with >> existing repositories muc

mod_dav_svn changing the request filename - interaction with mod_rewrite

Hi, Revision 1512432 causes a regression when mod_dav_svn is used together with mod_rewrite, which we have done successfully since Subversion 1.5. I have also studied the follow up commits which change the approach somewhat from setting filename to null into a bogus file. Use case: Using mod_re

Re: mod_dav_svn changing the request filename - interaction with mod_rewrite

On 11 dec 2013, at 22:22, Ben Reser wrote: > On 12/11/13 10:45 AM, Ben Reser wrote: >> Hmm this is going to be a pain to fix (possibly impossible). Because what >> mod_rewrite is doing is really hackish. When you use the PT (PassThrough) >> flag >> mod_rewrite puts passthrough:/my/new/URL int

Re: Bug in ra_serf with client certificates

On 28 jan 2014, at 14:37, Lieven Govaerts wrote: > On Tue, Jan 28, 2014 at 1:53 PM, Branko Čibej wrote: > >> [Tue Jan 28 13:32:47 2014] [info] SSL Library Error: 336105671 >> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return >> a certificate No CAs known to server for

Re: Bug in ra_serf with client certificates

On 2014-02-21, at 12:58, Bert Huijben wrote: > > >> -Original Message----- >> From: Thomas Åkesson [mailto:tho...@akesson.cc] >> Sent: vrijdag 21 februari 2014 11:32 >> To: Subversion Development >> Cc: Branko Čibej; Lieven Govaerts >> Subject: R

Lock non-existent to allow reserving a path

Hi, We would like to enhance the locking in Subversion to support use cases where the user needs to ensure that added files will be possible to commit. There are a couple of use cases: 1. Adding files that are dependencies to other files, where the reference mechanism is cumbersome. Simple case

Re: Lock non-existent to allow reserving a path

> On 24 feb 2014, at 20:36, Ben Reser wrote: > >> On 2/24/14, 8:30 AM, Thomas Åkesson wrote: >> We would like to enhance the locking in Subversion to support use cases >> where the user needs to ensure that added files will be possible to commit. >> There are a

Re: Lock non-existent to allow reserving a path

Thanks Philip for sharing your insight into the lock mechanisms. Sorry about the delay, wanted to find time to investigate. On 24 feb 2014, at 19:56, Philip Martin wrote: > Thomas Åkesson writes: > >> Svn does not allow locking non-existent paths. It is blocked both in >&

Re: Subversion checked-out files not indexed in Windows search

On 17 mar 2014, at 10:40, Bert Huijben wrote: > > >> -Original Message- >> From: Markus Schaber [mailto:m.scha...@codesys.com] >> Sent: maandag 17 maart 2014 10:07 >> To: Jason Kresowaty; dev@subversion.apache.org >> Subject: AW: Subversion checked-out files not indexed in Windows sear

svnpubsub as build server trigger - Jenkins

Hi all, I have been looking into svnpubsub for a couple of use cases in our XML Authoring CMS (based on Subversion). Both use cases involve Java as client to svnpubsub. Has anyone considered developing a Jenkins Build Trigger plugin that connects to svnpubsub? Seems like the ideal way of avoid

Re: svnpubsub as build server trigger - Jenkins

uot;version": 1}event: stillalivedata: {"stillalive": 1480954076.285757}event: commitdata: {"committer": "testuser", "log": "test", "repository": "50217dbe-7a01-4030--f1baa9200a11", "format": 1, "changed&q

Re: translations (let's use Transifex or Pootle)

> On 16 Mar 2017, at 16:36, Bert Huijben wrote: > > For some reason Transifex doesn't want me to update Swedish 'sv' resources, > but does allow Swedish-Sweden 'sv_SE' rersources. Strange, they list 'sv' as a supported: https://www.transifex.com/explore/languages/ Being Swedish I can't think

Re: Augmenting the WebDAV side of Subversion with merkle hashes for directories.

Yes, I was also about to suggest mod_rewrite. Should be possible to match on your secret hidden filename and return content from a “shadow” directory structure that only contains those files. You could generate those files in the shadow structure on the post-commit event. I have rewrites wit

Re: Wiki migration to Confluence: test conversion ready for review

> On 2018-02-27, at 23:25, Johan Corveleyn wrote: > > Johan Corveleyn wrote: > After ironing out most of the big issues, I think the current "test conversion" is ready for review by a larger audience. I'd like to perform the final migration next Tuesday the 27th, after 21h (GMT+

Re: Wiki migration to Confluence: test conversion ready for review

e case of those two links (mentions) to your name, I only "fixed" > that in the latest test. Because apparently in MoinMoin your username > is "Thomas Åkesson", while that page contains literal ThomasAkesson > (!= username). So my first iterations didn't pick t

Re: Mergeinfo is not per node

On 22 jul 2014, at 13:40, Julian Foad wrote: Hi Julian, I happened to read this post despite not having much focus on merge functionality. We use Subversion for XML-authoring and we don't support branching/merging of trees, just files. This line of thought approaches one of our long-standing

Re: Merging parallel-put to /trunk

> I think that local commits are usually fast enough. But committing over > a high-latency network, e.g., with a transatlantic RTT of 150ms, can be > painfully slow — see below. Poor network connections are of course a very important concern, likely even more important than some additional seco