Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.8.5, 1.9.3
-
None
-
Unix-like (e.g. Linux, Solaris)
Description
Steps to reproduce:
1. setup SVN server with password authentication
2. set juser's password to e.g. '%123secret'
2. install gpg-agent
3. execute as juser (at least two times such that gpg-agent kicks in): svn ls $project
4. execute `svn ls $project` one more time
Actual result:
In step 3, user is asked for his password after gpg-agent pinentry is successfully finished.
In step 4, the last `svn ls $project` still yields a svn password prompt
Expected result:
In step 3, no more password prompt after gpg-agent pinentry is successfully finished.
In step 4, the last `svn ls $project` doesn't ask for password since it is able to retrieve it from gpg-agent.
How reproducible:
always
Workaround:
replace % characters in your password, e.g. with '!' ones.
Analysis:
The 'svn' command issues a 'GET_PASSPHRASE --data' command, thus, special characters inside the password might be escaped via the percent character. Especially, % itself is escaped like this: %25. The code in gpg-agent.c doesn't seem to handle this, i.e. it doesn't try to 'parse' (i.e. unescape) % sequences.
Perhaps it is even easier to drop the --data option, i.e. then all characters are hex encoded.
See also:
https://svn.apache.org/repos/asf/subversion/tags/1.9.3/subversion/libsvn_subr/gpg_agent.c
https://svn.apache.org/repos/asf/subversion/tags/1.8.5/subversion/libsvn_subr/gpg_agent.c