Debian Bug report logs - #413194
libneon26: Subversion does not work with Kerberos authentication

version graph

Package: libneon26; Maintainer for libneon26 is (unknown);

Reported by: Arne Nordmark <nordmark@mech.kth.se>

Date: Sat, 3 Mar 2007 07:00:01 UTC

Severity: normal

Found in version neon26/0.26.2-3.1

Fixed in versions neon26/0.26.3-1, neon26/0.26.2-4

Done: Laszlo Boszormenyi (GCS) <gcs@debian.hu>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.hu>:
Bug#413194; Package libneon26. Full text and rfc822 format available.

Acknowledgement sent to Arne Nordmark <nordmark@mech.kth.se>:
New Bug report received and forwarded. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Arne Nordmark <nordmark@mech.kth.se>
To: submit@bugs.debian.org
Subject: libneon26: Subversion does not work with Kerberos authentication
Date: Sat, 03 Mar 2007 07:56:51 +0100
Subject: libneon26: Subversion does not work with Kerberos authentication
Package: libneon26
Version: 0.26.2-3.1
Severity: normal

*** Please type your report below this line ***

Trying subversion with a valid Kerberos ticket:

nordmark@bubo:~$ svn list https://www2.mech.kth.se/svn/simson
svn: PROPFIND request failed on '/svn/simson'
svn: PROPFIND of '/svn/simson': 207 Multi-Status (https://www2.mech.kth.se)

This seems to be a known issue with libneon26, see
<http://www.lyra.org/pipermail/neon/2007-February/002386.html> and the
suggested patch in the reply.

Applying the patch below indeed solves the problem.

Thank you
Arne Nordmark

--- neon26-0.26.2/src/ne_auth.c 2007-03-03 07:35:07.000000000 +0100
+++ ne_auth.c   2007-03-03 07:32:18.000000000 +0100
@@ -516,7 +516,7 @@
     char *sep, *ptr = strchr(duphdr, ' ');
     int ret;

-    if (strncmp(hdr, "Negotiate", ptr - hdr) != 0) {
+    if (strncmp(hdr, "Negotiate", ptr - duphdr) != 0) {
         NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Not a Negotiate response!\n");
         ne_free(duphdr);
         return NE_ERROR;

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libneon26 depends on:
ii  libc6    2.3.6.ds1-11                    GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description 
library
ii  libkrb53 1.4.4-6                         MIT Kerberos runtime libraries
ii  libssl0. 0.9.8c-4                        SSL shared libraries
ii  libxml2  2.6.27.dfsg-1                   GNOME XML library
ii  zlib1g   1:1.2.3-13                      compression library - runtime

libneon26 recommends no packages.

-- no debconf information



Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Arne Nordmark <nordmark@mech.kth.se>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 413194-close@bugs.debian.org (full text, mbox):

From: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
To: 413194-close@bugs.debian.org
Subject: Bug#413194: fixed in neon26 0.26.3-1
Date: Sun, 04 Mar 2007 10:32:04 +0000
Source: neon26
Source-Version: 0.26.3-1

We believe that the bug you reported is fixed in the latest version of
neon26, which is due to be installed in the Debian FTP archive:

libneon26-dbg_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26-dbg_0.26.3-1_i386.deb
libneon26-dev_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26-dev_0.26.3-1_i386.deb
libneon26-gnutls-dbg_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26-gnutls-dbg_0.26.3-1_i386.deb
libneon26-gnutls-dev_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26-gnutls-dev_0.26.3-1_i386.deb
libneon26-gnutls_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26-gnutls_0.26.3-1_i386.deb
libneon26_0.26.3-1_i386.deb
  to pool/main/n/neon26/libneon26_0.26.3-1_i386.deb
neon26_0.26.3-1.diff.gz
  to pool/main/n/neon26/neon26_0.26.3-1.diff.gz
neon26_0.26.3-1.dsc
  to pool/main/n/neon26/neon26_0.26.3-1.dsc
neon26_0.26.3.orig.tar.gz
  to pool/main/n/neon26/neon26_0.26.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 413194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.hu> (supplier of updated neon26 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  3 Mar 2007 09:33:23 +0000
Source: neon26
Binary: libneon26 libneon26-gnutls-dbg libneon26-gnutls-dev libneon26-gnutls libneon26-dbg libneon26-dev
Architecture: source i386
Version: 0.26.3-1
Distribution: unstable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Description: 
 libneon26  - An HTTP and WebDAV client library
 libneon26-dbg - Detached symbols for libneon26
 libneon26-dev - Header and static library files for libneon26
 libneon26-gnutls - An HTTP and WebDAV client library (GnuTLS enabled)
 libneon26-gnutls-dbg - Detached symbols for libneon26 (GnuTLS enabled)
 libneon26-gnutls-dev - Header and static library files for libneon26 (GnuTLS enabled)
Closes: 404723 413194
Changes: 
 neon26 (0.26.3-1) unstable; urgency=low
 .
   * New upstream release to officially fix CVE-2007-0157 (closes: 404723).
   * Fix Kerberos authentication (closes: #413194).
Files: 
 565cb48d43d544d37e9479c6118c32ed 781 net optional neon26_0.26.3-1.dsc
 6e52cd9c03e372026d6eccbfb80f09ef 789289 net optional neon26_0.26.3.orig.tar.gz
 66fb80089ed3af17d2f5ffe0a2c6584d 7382 net optional neon26_0.26.3-1.diff.gz
 6f1a075a98bda7e426a9807adbf5d603 119754 libs optional libneon26_0.26.3-1_i386.deb
 d6d19544716728f3e5b4c11718815ae9 348874 libdevel optional libneon26-dev_0.26.3-1_i386.deb
 08bfb5b5219e578cb5e42ac629416362 158602 libdevel extra libneon26-dbg_0.26.3-1_i386.deb
 82fe0336046b3f4c9e4258f77a0545c6 94946 libs optional libneon26-gnutls_0.26.3-1_i386.deb
 7ba55a3f5406420ca63c133b8aee54dd 320898 libdevel optional libneon26-gnutls-dev_0.26.3-1_i386.deb
 d99e93ec33fcd70ba0bdbf1820e3bd76 138694 libdevel extra libneon26-gnutls-dbg_0.26.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6pxjMDatjqUaT90RApjpAJ9wiHYwmyHu/RE9C4WWjCfU/RLm1QCgmvEl
BpNr25I7ilc1pao/u2CJXh8=
=KGTQ
-----END PGP SIGNATURE-----




Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Arne Nordmark <nordmark@mech.kth.se>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 413194-close@bugs.debian.org (full text, mbox):

From: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
To: 413194-close@bugs.debian.org
Subject: Bug#413194: fixed in neon26 0.26.2-4
Date: Thu, 24 May 2007 18:27:07 +0000
Source: neon26
Source-Version: 0.26.2-4

We believe that the bug you reported is fixed in the latest version of
neon26, which is due to be installed in the Debian FTP archive:

libneon26-dbg_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26-dbg_0.26.2-4_i386.deb
libneon26-dev_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26-dev_0.26.2-4_i386.deb
libneon26-gnutls-dbg_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26-gnutls-dbg_0.26.2-4_i386.deb
libneon26-gnutls-dev_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26-gnutls-dev_0.26.2-4_i386.deb
libneon26-gnutls_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26-gnutls_0.26.2-4_i386.deb
libneon26_0.26.2-4_i386.deb
  to pool/main/n/neon26/libneon26_0.26.2-4_i386.deb
neon26_0.26.2-4.diff.gz
  to pool/main/n/neon26/neon26_0.26.2-4.diff.gz
neon26_0.26.2-4.dsc
  to pool/main/n/neon26/neon26_0.26.2-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 413194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.hu> (supplier of updated neon26 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 21 May 2007 19:54:00 +0000
Source: neon26
Binary: libneon26 libneon26-gnutls-dbg libneon26-gnutls-dev libneon26-gnutls libneon26-dbg libneon26-dev
Architecture: source i386
Version: 0.26.2-4
Distribution: stable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Description: 
 libneon26  - An HTTP and WebDAV client library
 libneon26-dbg - Detached symbols for libneon26
 libneon26-dev - Header and static library files for libneon26
 libneon26-gnutls - An HTTP and WebDAV client library (GnuTLS enabled)
 libneon26-gnutls-dbg - Detached symbols for libneon26 (GnuTLS enabled)
 libneon26-gnutls-dev - Header and static library files for libneon26 (GnuTLS enabled)
Closes: 413194
Changes: 
 neon26 (0.26.2-4) stable; urgency=low
 .
   * Fix Kerberos authentication (closes: #413194).
Files: 
 3928812d2b4e11005a662b980a6d71d7 781 net optional neon26_0.26.2-4.dsc
 ed73149c86d5904f71f5f29681a5cb49 7455 net optional neon26_0.26.2-4.diff.gz
 69eac484f0ac7e364db112f0e0b7f3f1 118938 libs optional libneon26_0.26.2-4_i386.deb
 cee99af1baae0fb1860de082a57a0ca0 347718 libdevel optional libneon26-dev_0.26.2-4_i386.deb
 144679a039becbc91eca2375fff1efc4 157782 libdevel extra libneon26-dbg_0.26.2-4_i386.deb
 a9789de8b2267f7fc793dcfaec01f165 94242 libs optional libneon26-gnutls_0.26.2-4_i386.deb
 6299e687aa6577526b7ef0b04954a534 319756 libdevel optional libneon26-gnutls-dev_0.26.2-4_i386.deb
 3d8e627493c9d9f9fa94dcbc0666bc39 137840 libdevel extra libneon26-gnutls-dbg_0.26.2-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUgDKMDatjqUaT90RAtTrAKCYfcqcoPc4h9wthGgEciWFOY+pOgCfQ9zk
V+/OWIfWMafYsOCvuMMQDBw=
=VFvN
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 06:10:54 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:43:01 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.