[Bug 1851325] Re: libneon27 has problems with MS IIS 7.5 WebDAV

Ubuntu Foundations Team Bug Bot 1851325 at bugs.launchpad.net
Tue Nov 5 04:22:11 UTC 2019 

The attachment "Patch to add translate f headers." seems to be a patch.
If it isn't, please remove the "patch" flag from the attachment, remove
the "patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to neon27 in Ubuntu.
https://bugs.launchpad.net/bugs/1851325

Title:
  libneon27 has problems with MS IIS 7.5 WebDAV

Status in neon27 package in Ubuntu:
  New

Bug description:
  libneon doesn't work with Microsoft's IIS 7.5 WebDAV implementation, because there is an extra translate:f header added.
  This is not just for MS's implementation, other WebDAV servers apparently added it too.
  https://docs.oracle.com/cd/E19146-01/821-1828/gczya/index.html
  https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wdvse/501879f9-3875-4d7a-ab88-3cecab440034

  The docs say that IF the client doesn't send the header, the server should send back a URI to the resource, like a redirect, at least I think so.
  But, MS's implementation doesn't.  Instead it just returns a "server error 500".

  This happens to me ONLY with files that have no extension.
  Example: using the WebDAV cadaver client, I can get "readme.txt",but I can't get a file called "config" (eg the config file in a .git folder).

  I used Burp Suite to inspect the HTTPS comms with the server and
  discovered the translate header.I tested with curl and sure enough it
  worked with the header.

  curl -H "translate: f" --insecure --proxy 127.0.0.1:8080 --user "user:pass" https://the.host.name/folder/project.git/config
  WORKED
  Without the -H "translate: f", the curl call did not work.

  The translate header seems to be added to just about every call to the
  WebDAV server, except HEAD.

  Attached is a patch that fixes up libneon, and that fixes cadaver and other such clients.
  I had to make an additional patch for davfs2 as it builds the requests without using neon's basic API.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libneon27-gnutls 0.30.0-1ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-148.174~14.04.1-generic 4.4.177
  Uname: Linux 4.4.0-148-generic x86_64
  NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
  ApportVersion: 2.14.1-0ubuntu3.29
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Nov  5 11:55:14 2019
  InstallationDate: Installed on 2015-12-15 (1420 days ago)
  InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20151128
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_AU.utf8
   SHELL=/bin/bash
  SourcePackage: neon27
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neon27/+bug/1851325/+subscriptions

More information about the foundations-bugs mailing list