FishEye / FE-5551

SVN E160013 404 Not Found for paths with URL-decodable sequences

Details

    Description

      If a Subversion repository contains a file whose path contains URL-decodable sequences (%XX, where each X is 0-9 or A-F) or spaces, then recursive operations fail when the HTTP or HTTPS protocol is used.

      For example, if there is a path in the repository such as /branches/dir-with-percents-%28brackets%29/file.txt, then

      svn info -R http://SERVER/branches
      

      fails with an error similar to:

      Repository paused due to error com.cenqua.fisheye.rep.RepositoryClientException: org.apache.subversion.javahl.ClientException: svn: E160013: '/svn/repository/!svn/bc/2/branches/dir-with-percents-(brackets)/file.txt' path not found: 404 Not Found (http://SERVER)
      org.apache.subversion.javahl.ClientException: svn: E160013: '/svn/repository/!svn/bc/2/branches/dir-with-percents-(brackets)/file.txt' path not found: 404 Not Found (http://SERVER)
      org.tmatesoft.svn.core.SVNException: svn: E160013: '/svn/repository/!svn/bc/2/branches/dir-with-percents-(brackets)/file.txt' path not found: 404 Not Found (http://SERVER)
      

      The problem is caused by improper escaping of URIs in mod_dav. The issue has been reintroduced in some Apache Httpd releases; however, it seems to be finally fixed in Httpd 2.4.10. More information is available here:

      For example, calling

      svn info -R http://SERVER/branches
      

      makes a PROPFIND HTTP request to the SVN repository, similar to the following:

      curl -H "Depth: 1" -X PROPFIND http://SERVER/repo/\!svn/rvr/5/branches
      

      The proper response looks like this (Apache Httpd 2.2.31):

      <?xml version="1.0" encoding="utf-8"?>
      <D:multistatus xmlns:D="DAV:">
        <D:response xmlns:S="http://subversion.tigris.org/xmlns/svn/" ...>
          <D:href>/repo/!svn/rvr/5/branches/</D:href>
          ...
        </D:response>
        <D:response xmlns:S="http://subversion.tigris.org/xmlns/svn/"...>
          <D:href>/repo/!svn/rvr/5/branches/dir-with-percents-%2528brackets%2529/</D:href> <!-- NOTE THE DIFFERENCE HERE. % is escaped resulting in %25 string -->
         ...
      

      A vulnerable version of Httpd won't escape the % character, causing the output to look like this (Apache Httpd 2.2.26):

      <?xml version="1.0" encoding="utf-8"?>
      <D:multistatus xmlns:D="DAV:">
        <D:response xmlns:S="http://subversion.tigris.org/xmlns/svn/" ...>
          <D:href>/repo/!svn/rvr/5/branches/</D:href>
          ...
        </D:response>
        <D:response xmlns:S="http://subversion.tigris.org/xmlns/svn/" ...>
          <D:href>/repo/!svn/rvr/5/branches/dir-with-percents-%28brackets%29/</D:href>  <!-- NOTE THE DIFFERENCE HERE. % is not escaped -->
         ...
      

      Workaround

      1. Upgrade Apache Httpd to version 2.4.10+
      2. Configure the Fisheye repository to use file:// (possibly with svnsync) or svn://.
        1. Protocol svn+ssh:// cannot be used due to an existing bug in SVNKit: https://issues.tmatesoft.com/issue/SVNKIT-476
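
To tell which of the two PROPFIND responses above a server is producing (for instance after applying workaround 1), the hrefs can be decoded and compared with a directory name known to exist in the repository. This is an added example, not code from the issue or from Fisheye; `href_names`, `check_escaping` and `sample` are hypothetical helpers, and the XML bodies are constructed from the responses shown above with the elided parts left out.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

def href_names(multistatus_xml):
    """Last path segment of every <D:href>, URL-decoded once, as a client resolving it would."""
    root = ET.fromstring(multistatus_xml)
    return [unquote(h.text.strip().rstrip("/").rsplit("/", 1)[-1])
            for h in root.iter("{DAV:}href") if h.text]

def check_escaping(multistatus_xml, literal_name):
    """Classify a Depth: 1 PROPFIND body for a directory known to hold literal_name.

    "ok"        - an href decodes back to the literal name (% was sent as %25)
    "unescaped" - an href decodes to the name with its %XX already collapsed
    "absent"    - neither form is listed, so the response proves nothing
    """
    names = href_names(multistatus_xml)
    collapsed = unquote(literal_name)
    if literal_name in names:
        return "ok"
    if collapsed != literal_name and collapsed in names:
        return "unescaped"
    return "absent"

def sample(segment):
    # Constructed sample: the page's responses with the elided parts removed.
    return f"""<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response><D:href>/repo/!svn/rvr/5/branches/</D:href></D:response>
  <D:response><D:href>/repo/!svn/rvr/5/branches/{segment}/</D:href></D:response>
</D:multistatus>"""

NAME = "dir-with-percents-%28brackets%29"                  # literal name in the repository
ESCAPED = sample("dir-with-percents-%2528brackets%2529")   # shape of the Httpd 2.2.31 response
UNESCAPED = sample("dir-with-percents-%28brackets%29")     # shape of the Httpd 2.2.26 response

if __name__ == "__main__":
    for label, body in (("2.2.31-style", ESCAPED), ("2.2.26-style", UNESCAPED)):
        print(label, check_escaping(body, NAME), href_names(body))
```

Against a live server, the body passed to `check_escaping` would be the output of the curl PROPFIND request shown earlier.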

            People

              Unassigned
              czawadka@atlassian.com Cezary Zawadka
              Votes: 2
              Watchers: 15
