[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Required version of APR

From: Stefan Sperling <stsp_at_elego.de>
Date: Wed, 5 Feb 2014 19:58:52 +0100

On Wed, Feb 05, 2014 at 10:36:57AM -0800, Ben Reser wrote:
> Stefan Sperling apparently ran into a repository corruption Subversion 1.8.4 on
> RedHat 5 using the system APR (1.2.7). I'm not sure of the details but I'm
> sure he can fill them in.

This was at a client who asked for an on-site visit after experiencing
many instances of corruption on dozens of repositories in the above
mentioned setup.

Using a binary file that had been committed to a revision that was
corrupt, we could construct a test case with simply committing this
file in a loop and running 'svnadmin verify' on the HEAD revision
right after. The corruption occurred in about 1 in 100 revisions.
Symptoms were like in http://subversion.tigris.org/issues/show_bug.cgi?id=3705
The commit itself succeeded so Subversion believed the data had been
committed fine. Only a subsequent 'svnadmin verify' found the problem.

I don't have the test data available. It was a 12MB binary .msi file.
I suspect that many types of files can be used to reproduce the problem
on Red Hat 5 with Wandisco's Subversion 1.8.5 binaries (which rely on
the system-provided APR RPM package). Corrupted revisions I inspected
also included corrupted office documents, zip files, and the like.
I found no text files causing corruption, only binary files.
But perhaps size is the only issue (binaries tend to be larger than text).
I didn't have enough time to inspect all corrupted revisions.

After upgrading APR to 1.4.8 the problem could not be repeated during
over 40.000 commits of the same .msi file. To my knowledge there have
been no new instances of repository corruption since my on-site visit
there last week.

> If old versions of APR are causing repository corruption issues then we're
> failing our users by not rejecting these versions of APR. We can't expect our
> users to know about these things unless we tell them. Right now we communicate
> version requirements in 4 places.
> 1) INSTALL file, which says that you need 0.9.7 or 1.x.x of APR (doesn't really
> mention APR-util but the implication is the same version requirements).

APR-util didn't have anything to do with it. In fact, we left it at 1.2.7
during our testing.
> It's our burden to set useful dependency requirements. There's plenty of room
> for recommendation versus requirements in the 4 places above (build system is
> requirement, INSTALL and get-deps.sh are recommendation). Let's update our APR
> requirements.


Unfortunately, I don't know which APR version between 1.2.7 and 1.4.8
has the fix. I think we should enforce APR 1.3.x that serf also requires
and block any earlier versions at compile time (unless the user passes a
magic flag to the configure script) and document the reason in INSTALL.

APR 1.3.x is used in Red Hat 6. I believe if that version was affected
we'd have gotten more widespread reports on this issue. Red Hat 5 is old.
Received on 2014-02-05 19:59:31 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.