Issues with mod_dav in httpd 2.2.25 and 2.4.6

From: Ben Reser <ben_at_reser.org>
Date: Thu, 07 Nov 2013 21:46:43 -0800

The current releases of httpd (at the time of writing this email) have two
issues when used with Subversion. At this point httpd doesn't release very
often, leaving some users with an unfortunate choice to leave their httpd
unpatched from some security issues fixed by those releases or to deal with
these additional bugs introduced in recent versions of httpd.

In order to help the end users I've put together some patches (that should be
included in the next releases of Apache httpd) that resolve these issues.

* PR 55397 : ABI change in mod_dav causes failures with older versions of SVN
https://issues.apache.org/bugzilla/show_bug.cgi?id=55397

This issue presents itself when the client or the server are 1.6.x or older
(specifically that they do not support HTTPv2). Users will see failures when
trying to commit changes to paths that have URI unsafe characters in their
names (e.g. paths with spaces). This will show up as an error about
"Unable to PUT new contents for /path" in the httpd error logs.

Patches:
2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55397.patch
2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55397.patch

* PR 55306 : COPY fails when source is locked
https://issues.apache.org/bugzilla/show_bug.cgi?id=55306

This issue presents itself with a 424 Failed Dependency when the source that
you're copying is locked with `svn lock`.

Patches:
2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55306.patch
2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55306.patch

I believe some binary packages have included these patches already. But I'm
not sure which ones have and have not. Hopefully those vendors can respond
here to note that. Note that the patches are against httpd and not SVN so if
the binary package you're using does not include Apache httpd and just uses the
httpd included with your OS/distribution then it's up to the OS/distribution to
have patched (which they likely have not).
Received on 2013-11-08 06:47:30 CET

This is an archived mail posted to the Subversion Users mailing list.
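
A triage check for the two symptoms described in the message above, as an added example that is not part of the original email or of httpd or Subversion: it scans httpd error-log lines for the quoted "Unable to PUT new contents for" text and access-log lines for COPY requests answered with 424. The log lines are constructed samples, the access log is assumed to be in common/combined format, and the name `scan_logs` is hypothetical.

```python
import re

# Error text quoted in the email for PR 55397; the rest of the line is the path.
PUT_ERROR = re.compile(r"Unable to PUT new contents for (?P<path>.+)$")
# Request and status fields of a common/combined-format access log line (assumed format).
ACCESS = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})\b')


def scan_logs(error_lines, access_lines):
    """Collect paths that show the PR 55397 and PR 55306 symptoms."""
    findings = {"pr55397_put_failures": [], "pr55306_copy_424": []}
    for line in error_lines:
        match = PUT_ERROR.search(line.rstrip())
        if match:
            findings["pr55397_put_failures"].append(match["path"])
    for line in access_lines:
        match = ACCESS.search(line)
        # Only a COPY answered with 424 matches the locked-source symptom.
        if match and match["method"] == "COPY" and match["status"] == "424":
            findings["pr55306_copy_424"].append(match["uri"])
    return findings


# Constructed sample lines (not taken from a real server).
SAMPLE_ERROR_LOG = [
    "[Fri Nov 08 06:12:01 2013] [error] [client 192.0.2.10] "
    "Unable to PUT new contents for /svn/repo/trunk/release notes.txt",
    "[Fri Nov 08 06:12:03 2013] [notice] caught SIGTERM, shutting down",
]
SAMPLE_ACCESS_LOG = [
    '192.0.2.10 - alice [08/Nov/2013:06:12:05 +0100] '
    '"COPY /svn/repo/trunk/locked.doc HTTP/1.1" 424 312',
    '192.0.2.10 - alice [08/Nov/2013:06:12:09 +0100] '
    '"COPY /svn/repo/trunk/free.doc HTTP/1.1" 201 210',
    '192.0.2.11 - bob [08/Nov/2013:06:13:00 +0100] '
    '"PROPFIND /svn/repo/trunk HTTP/1.1" 207 980',
]

if __name__ == "__main__":
    results = scan_logs(SAMPLE_ERROR_LOG, SAMPLE_ACCESS_LOG)
    for symptom, paths in results.items():
        print(symptom, len(paths), paths)
```

A hit is only a candidate for the corresponding bug; compare it with the linked bug reports before deciding to patch.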