subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Reser <...@reser.org>
Subject Issues with mod_dav in httpd 2.2.25 and 2.4.6
Date Fri, 08 Nov 2013 05:46:43 GMT
The current releases of httpd (at the time of writing this email) have two
issues when used with Subversion.  At this point httpd doesn't release very
often leaving some users with an unfortunate choice to leave their httpd
unpatched from some security issues fixed by those releases or to deal with
these additional bugs introduced in recent versions of httpd.

In order to help the end users I've put together some patches (that should be
included in the next releases of Apache httpd) that resolve these issues.

* PR 55397 : ABI change in mod_dav causes failures with older versions of SVN
https://issues.apache.org/bugzilla/show_bug.cgi?id=55397

This issue presents itself when the client or the server are 1.6.x or older
(specifically that they do not support HTTPv2).  Users will see failures when
trying to commit changes to paths that have URI unsafe characters in their
names (e.g. paths with spaces).  This will show up as an error about
"Unable to PUT new contents for /path" in the httpd error logs.

Patches:
2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55397.patch
2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55397.patch

* PR 55306 : COPY fails when source is locked
https://issues.apache.org/bugzilla/show_bug.cgi?id=55306

This issue presents itself with an 424 Failed Dependency when the source that
you're copying is locked with `svn lock`.

Patches:
2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55306.patch
2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55306.patch

I believe some binary packages have included these patches already.  But I'm
not sure which ones have and have not.  Hopefully those vendors can respond
here to note that.  Note that the patches are against httpd and not SVN so if
the binary package you're using does not include Apache httpd and just uses the
httpd included with your OS/distribution then it's up to the OS/distribution to
have patched (which they likely have not).



Mime
View raw message