Re: Issues with mod_dav in httpd 2.2.25 and 2.4.6
I've just replied to the related thread and noticed this one.
VisualSVN Server has the patch applied since 2.6.5 version:
On Fri, Nov 8, 2013 at 9:46 AM, Ben Reser <ben_at_reser.org> wrote:
> The current releases of httpd (at the time of writing this email) have two
> issues when used with Subversion. At this point httpd doesn't release very
> often leaving some users with an unfortunate choice to leave their httpd
> unpatched from some security issues fixed by those releases or to deal with
> these additional bugs introduced in recent versions of httpd.
> In order to help the end users I've put together some patches (that should be
> included in the next releases of Apache httpd) that resolve these issues.
> * PR 55397 : ABI change in mod_dav causes failures with older versions of SVN
> This issue presents itself when the client or the server are 1.6.x or older
> (specifically that they do not support HTTPv2). Users will see failures when
> trying to commit changes to paths that have URI unsafe characters in their
> names (e.g. paths with spaces). This will show up as an error about
> "Unable to PUT new contents for /path" in the httpd error logs.
> 2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55397.patch
> 2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55397.patch
> * PR 55306 : COPY fails when source is locked
> This issue presents itself with an 424 Failed Dependency when the source that
> you're copying is locked with `svn lock`.
> 2.4.x: https://people.apache.org/~breser/httpd/2.4.x/patches/pr55306.patch
> 2.2.x: https://people.apache.org/~breser/httpd/2.2.x/patches/pr55306.patch
> I believe some binary packages have included these patches already. But I'm
> not sure which ones have and have not. Hopefully those vendors can respond
> here to note that. Note that the patches are against httpd and not SVN so if
> the binary package you're using does not include Apache httpd and just uses the
> httpd included with your OS/distribution then it's up to the OS/distribution to
> have patched (which they likely have not).
With best regards,
Received on 2013-11-08 09:28:29 CET
This is an archived mail posted to the Subversion Users